Release of libvirt-7.2.0

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
docs: Fix broken link in migrationinternals
2025-09-24 21:44:59 +03:00 · 2021-04-01 12:17:47 +02:00 · 2021-03-31 20:09:38 +02:00 · 2021-03-31 19:13:57 +02:00 · 2021-03-31 17:14:39 +02:00 · 2021-03-30 14:00:17 +02:00
3508 changed files with 444901 additions and 125707 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -13,6 +13,9 @@
 *.orig
 .git-module-status

+# python related ignores
+__pycache__/
+
 # libvirt related ignores
 /build/
 /ci/scratch/
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -14,12 +14,16 @@ stages:

 # Common templates

-.container_job_template: &container_job_definition
+.container_job:
  image: docker:stable
  stage: containers
  needs: []
  services:
    - docker:dind
+  rules:
+    - if: "$TEMPORARILY_DISABLED"
+      allow_failure: true
+    - when: on_success
  before_script:
    - export TAG="$CI_REGISTRY_IMAGE/ci-$NAME:latest"
    - export COMMON_TAG="$CI_REGISTRY/libvirt/libvirt/ci-$NAME:latest"
@@ -27,7 +31,7 @@ stages:
    - docker login registry.gitlab.com -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
  script:
    - docker pull "$TAG" || docker pull "$COMMON_TAG" || true
-    - docker build --cache-from "$TAG" --cache-from "$COMMON_TAG" --tag "$TAG" -f "ci/containers/libvirt-$NAME.Dockerfile" ci/containers
+    - docker build --cache-from "$TAG" --cache-from "$COMMON_TAG" --tag "$TAG" -f "ci/containers/$NAME.Dockerfile" ci/containers
    - docker push "$TAG"
  after_script:
    - docker logout
@@ -36,13 +40,17 @@ stages:
 # needed for the pipeline itself to complete: those sometimes fail, and when
 # that happens it's mostly because of temporary issues with Debian sid. We
 # don't want those failures to affect the overall pipeline status
-.container_optional_job_template: &container_optional_job_definition
-  <<: *container_job_definition
+.container_optional_job:
+  extends: .container_job
  allow_failure: true

-.native_build_job_template: &native_build_job_definition
+.native_build_job:
  stage: builds
  image: $CI_REGISTRY_IMAGE/ci-$NAME:latest
+  rules:
+    - if: "$TEMPORARILY_DISABLED"
+      allow_failure: true
+    - when: on_success
  cache:
    paths:
      - ccache/
@@ -51,24 +59,17 @@ stages:
    - *script_variables
  script:
    - meson build --werror || (cat build/meson-logs/meson-log.txt && exit 1)
-    - ninja -C build dist
-
-# Default native build job only for CentOS 7 that is always run
-# meson dist fails on CentOS 7 because of old git that fails to clone
-# from shallow git repository which is done when running meson dist
-.native_build_centos_7_job_template: &native_build_centos_7_job_definition
-  stage: builds
-  image: $CI_REGISTRY_IMAGE/ci-$NAME:latest
-  cache:
-    paths:
-      - ccache/
-    key: "$CI_JOB_NAME"
-  before_script:
-    - *script_variables
-  script:
-    - meson build --werror || (cat build/meson-logs/meson-log.txt && exit 1)
-    - ninja -C build
-    - ninja -C build test
+    - if test "$DIST" != "skip";
+      then
+        ninja -C build dist;
+      else
+        ninja -C build;
+        ninja -C build test;
+      fi
+    - if test -x /usr/bin/rpmbuild && test "$RPM" != "skip";
+      then
+        rpmbuild --nodeps -ta build/meson-dist/libvirt-*.tar.xz;
+      fi

 # Jobs that we delegate to Cirrus CI because they require an operating
 # system other than Linux. These jobs will only run if the required
@@ -82,102 +83,108 @@ stages:
 # Note that the $PATH environment variable has to be treated with
 # special care, because we can't just override it at the GitLab CI job
 # definition level or we risk breaking it completely.
-.cirrus_build_job_template: &cirrus_build_job_definition
+.cirrus_build_job:
  stage: builds
  image: registry.gitlab.com/libvirt/libvirt-ci/cirrus-run:master
  needs: []
  script:
-    - source ci/cirrus/libvirt-$NAME.vars
+    - source ci/cirrus/$NAME.vars
    - sed -e "s|[@]CI_REPOSITORY_URL@|$CI_REPOSITORY_URL|g"
          -e "s|[@]CI_COMMIT_REF_NAME@|$CI_COMMIT_REF_NAME|g"
          -e "s|[@]CI_COMMIT_SHA@|$CI_COMMIT_SHA|g"
          -e "s|[@]CIRRUS_VM_INSTANCE_TYPE@|$CIRRUS_VM_INSTANCE_TYPE|g"
          -e "s|[@]CIRRUS_VM_IMAGE_SELECTOR@|$CIRRUS_VM_IMAGE_SELECTOR|g"
          -e "s|[@]CIRRUS_VM_IMAGE_NAME@|$CIRRUS_VM_IMAGE_NAME|g"
+          -e "s|[@]UPDATE_COMMAND@|$UPDATE_COMMAND|g"
          -e "s|[@]INSTALL_COMMAND@|$INSTALL_COMMAND|g"
          -e "s|[@]PATH@|$PATH_EXTRA${PATH_EXTRA:+:}\$PATH|g"
          -e "s|[@]PKG_CONFIG_PATH@|$PKG_CONFIG_PATH|g"
          -e "s|[@]PKGS@|$PKGS|g"
          -e "s|[@]MAKE@|$MAKE|g"
          -e "s|[@]PYTHON@|$PYTHON|g"
-          -e "s|[@]PIP@|$PIP|g"
+          -e "s|[@]PIP3@|$PIP3|g"
          -e "s|[@]PYPI_PKGS@|$PYPI_PKGS|g"
      <ci/cirrus/build.yml >ci/cirrus/$NAME.yml
    - cat ci/cirrus/$NAME.yml
    - cirrus-run -v --show-build-log always ci/cirrus/$NAME.yml
-  only:
-    variables:
-      - $CIRRUS_GITHUB_REPO
-      - $CIRRUS_API_TOKEN
+  rules:
+    - if: "$TEMPORARILY_DISABLED"
+      allow_failure: true
+    - if: "$CIRRUS_GITHUB_REPO && $CIRRUS_API_TOKEN"

-.cross_build_default_job_template: &cross_build_job_definition
+.cross_build_job:
  stage: builds
  image: $CI_REGISTRY_IMAGE/ci-$NAME-cross-$CROSS:latest
  cache:
    paths:
      - ccache/
    key: "$CI_JOB_NAME"
+  rules:
+    - if: "$TEMPORARILY_DISABLED"
+      allow_failure: true
+    - when: on_success
  before_script:
    - *script_variables
  script:
    - meson build --werror $MESON_OPTS || (cat build/meson-logs/meson-log.txt && exit 1)
    - ninja -C build
+    - if test "$CROSS" = "i686" ; then ninja -C build test ; fi


 # Native container build jobs

 x64-centos-7-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: centos-7

 x64-centos-8-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: centos-8

 x64-centos-stream-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: centos-stream

 x64-debian-10-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: debian-10

 x64-debian-sid-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: debian-sid

-x64-fedora-31-container:
-  <<: *container_job_definition
-  variables:
-    NAME: fedora-31
-
 x64-fedora-32-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: fedora-32

+x64-fedora-33-container:
+  extends: .container_job
+  variables:
+    NAME: fedora-33
+
 x64-fedora-rawhide-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: fedora-rawhide

-x64-opensuse-151-container:
-  <<: *container_job_definition
+x64-opensuse-152-container:
+  extends: .container_job
  variables:
-    NAME: opensuse-151
+    NAME: opensuse-152

 x64-ubuntu-1804-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: ubuntu-1804

 x64-ubuntu-2004-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: ubuntu-2004

@@ -185,97 +192,97 @@ x64-ubuntu-2004-container:
 # Cross-build containers build jobs

 aarch64-debian-10-container:
-  <<: *container_job_definition
+  extends: .container_optional_job
  variables:
    NAME: debian-10-cross-aarch64

 armv6l-debian-10-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: debian-10-cross-armv6l

 armv7l-debian-10-container:
-  <<: *container_optional_job_definition
+  extends: .container_job
  variables:
    NAME: debian-10-cross-armv7l

 i686-debian-10-container:
-  <<: *container_optional_job_definition
+  extends: .container_optional_job
  variables:
    NAME: debian-10-cross-i686

 mips-debian-10-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: debian-10-cross-mips

 mips64el-debian-10-container:
-  <<: *container_job_definition
+  extends: .container_optional_job
  variables:
    NAME: debian-10-cross-mips64el

 mipsel-debian-10-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: debian-10-cross-mipsel

 ppc64le-debian-10-container:
-  <<: *container_optional_job_definition
+  extends: .container_job
  variables:
    NAME: debian-10-cross-ppc64le

 s390x-debian-10-container:
-  <<: *container_optional_job_definition
+  extends: .container_optional_job
  variables:
    NAME: debian-10-cross-s390x

 aarch64-debian-sid-container:
-  <<: *container_optional_job_definition
+  extends: .container_job
  variables:
    NAME: debian-sid-cross-aarch64

 armv6l-debian-sid-container:
-  <<: *container_optional_job_definition
+  extends: .container_optional_job
  variables:
    NAME: debian-sid-cross-armv6l

 armv7l-debian-sid-container:
-  <<: *container_job_definition
+  extends: .container_optional_job
  variables:
    NAME: debian-sid-cross-armv7l

 i686-debian-sid-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: debian-sid-cross-i686

 mips64el-debian-sid-container:
-  <<: *container_optional_job_definition
+  extends: .container_job
  variables:
    NAME: debian-sid-cross-mips64el

 mipsel-debian-sid-container:
-  <<: *container_optional_job_definition
+  extends: .container_optional_job
  variables:
    NAME: debian-sid-cross-mipsel

 ppc64le-debian-sid-container:
-  <<: *container_job_definition
+  extends: .container_optional_job
  variables:
    NAME: debian-sid-cross-ppc64le

 s390x-debian-sid-container:
-  <<: *container_optional_job_definition
+  extends: .container_job
  variables:
    NAME: debian-sid-cross-s390x

 mingw32-fedora-rawhide-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: fedora-rawhide-cross-mingw32

 mingw64-fedora-rawhide-container:
-  <<: *container_job_definition
+  extends: .container_job
  variables:
    NAME: fedora-rawhide-cross-mingw64

@@ -283,14 +290,14 @@ mingw64-fedora-rawhide-container:
 # Native architecture build + test jobs

 x64-debian-10:
-  <<: *native_build_job_definition
+  extends: .native_build_job
  needs:
    - x64-debian-10-container
  variables:
    NAME: debian-10

 x64-debian-10-clang:
-  <<: *native_build_job_definition
+  extends: .native_build_job
  needs:
    - x64-debian-10-container
  variables:
@@ -298,107 +305,123 @@ x64-debian-10-clang:
    CC: clang

 x64-debian-sid:
-  <<: *native_build_job_definition
+  extends: .native_build_job
  needs:
    - x64-debian-sid-container
  variables:
    NAME: debian-sid

 x64-centos-7:
-  <<: *native_build_centos_7_job_definition
+  extends: .native_build_job
  needs:
    - x64-centos-7-container
  variables:
    NAME: centos-7
+    # meson dist fails on CentOS 7 because of old git that fails to clone
+    # from shallow git repository which is done when running meson dist
+    DIST: skip
+    RPM: skip

 x64-centos-8:
-  <<: *native_build_job_definition
+  extends: .native_build_job
  needs:
    - x64-centos-8-container
  variables:
    NAME: centos-8
+    RPM: skip

 x64-centos-8-clang:
-  <<: *native_build_job_definition
+  extends: .native_build_job
  needs:
    - x64-centos-8-container
  variables:
    NAME: centos-8
    CC: clang
+    RPM: skip

 x64-centos-stream:
-  <<: *native_build_job_definition
+  extends: .native_build_job
  needs:
    - x64-centos-stream-container
  variables:
    NAME: centos-stream
-
-x64-fedora-31:
-  <<: *native_build_job_definition
-  needs:
-    - x64-fedora-31-container
-  variables:
-    NAME: fedora-31
+    RPM: skip

 x64-fedora-32:
-  <<: *native_build_job_definition
+  extends: .native_build_job
  needs:
    - x64-fedora-32-container
  variables:
    NAME: fedora-32
+    RPM: skip
+
+x64-fedora-33:
+  extends: .native_build_job
+  needs:
+    - x64-fedora-33-container
+  variables:
+    NAME: fedora-33

 x64-fedora-rawhide:
-  <<: *native_build_job_definition
+  extends: .native_build_job
  needs:
    - x64-fedora-rawhide-container
  variables:
    NAME: fedora-rawhide
+    # Temp workaround until we see what resolution is for
+    # https://bugzilla.redhat.com/show_bug.cgi?id=1919965
+    # Hopefully remove before F34 is released.
+    CFLAGS: -gdwarf-4

 x64-fedora-rawhide-clang:
-  <<: *native_build_job_definition
+  extends: .native_build_job
  needs:
    - x64-fedora-rawhide-container
  variables:
    NAME: fedora-rawhide
    CC: clang
+    RPM: skip

-x64-opensuse-151:
-  <<: *native_build_job_definition
+x64-opensuse-152:
+  extends: .native_build_job
  needs:
-    - x64-opensuse-151-container
+    - x64-opensuse-152-container
  variables:
-    NAME: opensuse-151
+    NAME: opensuse-152
+    RPM: skip

 x64-ubuntu-1804:
-  <<: *native_build_job_definition
+  extends: .native_build_job
  needs:
    - x64-ubuntu-1804-container
  variables:
    NAME: ubuntu-1804

 x64-ubuntu-2004:
-  <<: *native_build_job_definition
+  extends: .native_build_job
  needs:
    - x64-ubuntu-2004-container
  variables:
    NAME: ubuntu-2004

 x64-freebsd-12-build:
-  <<: *cirrus_build_job_definition
+  extends: .cirrus_build_job
  variables:
    NAME: freebsd-12
    CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
    CIRRUS_VM_IMAGE_SELECTOR: image_family
-    CIRRUS_VM_IMAGE_NAME: freebsd-12-1
+    CIRRUS_VM_IMAGE_NAME: freebsd-12-2
+    UPDATE_COMMAND: pkg update
    INSTALL_COMMAND: pkg install -y

-x64-macos-1015-build:
-  <<: *cirrus_build_job_definition
+x64-macos-11-build:
+  extends: .cirrus_build_job
  variables:
-    NAME: macos-1015
+    NAME: macos-11
    CIRRUS_VM_INSTANCE_TYPE: osx_instance
    CIRRUS_VM_IMAGE_SELECTOR: image
-    CIRRUS_VM_IMAGE_NAME: catalina-base
+    CIRRUS_VM_IMAGE_NAME: big-sur-base
+    UPDATE_COMMAND: brew update
    INSTALL_COMMAND: brew install
    PATH_EXTRA: /usr/local/opt/ccache/libexec:/usr/local/opt/gettext/bin:/usr/local/opt/libpcap/bin:/usr/local/opt/libxslt/bin:/usr/local/opt/rpcgen/bin
    PKG_CONFIG_PATH: /usr/local/opt/curl/lib/pkgconfig:/usr/local/opt/libpcap/lib/pkgconfig:/usr/local/opt/libxml2/lib/pkgconfig:/usr/local/opt/ncurses/lib/pkgconfig:/usr/local/opt/readline/lib/pkgconfig
@@ -406,8 +429,16 @@ x64-macos-1015-build:

 # Cross compiled build jobs

+aarch64-debian-sid:
+  extends: .cross_build_job
+  needs:
+    - aarch64-debian-sid-container
+  variables:
+    NAME: debian-sid
+    CROSS: aarch64
+
 armv6l-debian-10:
-  <<: *cross_build_job_definition
+  extends: .cross_build_job
  needs:
    - armv6l-debian-10-container
  variables:
@@ -415,71 +446,63 @@ armv6l-debian-10:
    CROSS: armv6l

 armv7l-debian-10:
-  <<: *cross_build_job_definition
+  extends: .cross_build_job
  needs:
    - armv7l-debian-10-container
  variables:
    NAME: debian-10
    CROSS: armv7l

-mips64el-debian-10:
-  <<: *cross_build_job_definition
-  needs:
-    - mips64el-debian-10-container
-  variables:
-    NAME: debian-10
-    CROSS: mips64el
-
-mips-debian-10:
-  <<: *cross_build_job_definition
-  needs:
-    - mips-debian-10-container
-  variables:
-    NAME: debian-10
-    CROSS: mips
-
-aarch64-debian-10:
-  <<: *cross_build_job_definition
-  needs:
-    - aarch64-debian-10-container
-  variables:
-    NAME: debian-10
-    CROSS: aarch64
-
-mipsel-debian-10:
-  <<: *cross_build_job_definition
-  needs:
-    - mipsel-debian-10-container
-  variables:
-    NAME: debian-10
-    CROSS: mipsel
-
-s390x-debian-sid:
-  <<: *cross_build_job_definition
-  needs:
-    - s390x-debian-10-container
-  variables:
-    NAME: debian-sid
-    CROSS: s390x
-
 i686-debian-sid:
-  <<: *cross_build_job_definition
+  extends: .cross_build_job
  needs:
    - i686-debian-sid-container
  variables:
    NAME: debian-sid
    CROSS: i686

-ppc64le-debian-sid:
-  <<: *cross_build_job_definition
+mips-debian-10:
+  extends: .cross_build_job
+  needs:
+    - mips-debian-10-container
+  variables:
+    NAME: debian-10
+    CROSS: mips
+
+mips64el-debian-sid:
+  extends: .cross_build_job
+  needs:
+    - mips64el-debian-sid-container
+  variables:
+    NAME: debian-sid
+    CROSS: mips64el
+
+mipsel-debian-10:
+  extends: .cross_build_job
+  needs:
+    - mipsel-debian-10-container
+  variables:
+    NAME: debian-10
+    CROSS: mipsel
+
+ppc64le-debian-10:
+  extends: .cross_build_job
  needs:
    - ppc64le-debian-10-container
  variables:
-    NAME: debian-sid
+    NAME: debian-10
    CROSS: ppc64le

+s390x-debian-sid:
+  extends: .cross_build_job
+  needs:
+    - s390x-debian-sid-container
+  variables:
+    NAME: debian-sid
+    CROSS: s390x
+
 mingw32-fedora-rawhide:
-  <<: *cross_build_job_definition
+  extends: .cross_build_job
  needs:
    - mingw32-fedora-rawhide-container
  variables:
@@ -487,7 +510,7 @@ mingw32-fedora-rawhide:
    CROSS: mingw32

 mingw64-fedora-rawhide:
-  <<: *cross_build_job_definition
+  extends: .cross_build_job
  needs:
    - mingw64-fedora-rawhide-container
  variables:
@@ -520,9 +543,9 @@ website:

 codestyle:
  stage: builds
-  image: $CI_REGISTRY_IMAGE/ci-opensuse-151:latest
+  image: $CI_REGISTRY_IMAGE/ci-opensuse-152:latest
  needs:
-    - x64-opensuse-151-container
+    - x64-opensuse-152-container
  before_script:
    - *script_variables
  script:
@@ -539,8 +562,8 @@ potfile:
  image: $CI_REGISTRY_IMAGE/ci-centos-8:latest
  needs:
    - x64-centos-8-container
-  only:
-    - master
+  rules:
+    - if: "$CI_COMMIT_BRANCH == 'master'"
  before_script:
    - *script_variables
  script:
@@ -567,8 +590,24 @@ check-dco:
  image: registry.gitlab.com/libvirt/libvirt-ci/check-dco:master
  script:
    - /check-dco
-  except:
-    variables:
-      - $CI_PROJECT_NAMESPACE == 'libvirt'
+  rules:
+    - if: "$CI_PROJECT_NAMESPACE != 'libvirt'"
  variables:
    GIT_DEPTH: 1000
+
+
+# Coverity job that is run only by schedules
+coverity:
+  image: $CI_REGISTRY_IMAGE/ci-centos-8:latest
+  needs:
+    - x64-centos-8-container
+  stage: builds
+  script:
+    - curl https://scan.coverity.com/download/linux64 --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN -o /tmp/cov-analysis-linux64.tgz
+    - tar xfz /tmp/cov-analysis-linux64.tgz
+    - meson build
+    - cov-analysis-linux64-*/bin/cov-build --dir cov-int ninja -C build
+    - tar cfz cov-int.tar.gz cov-int
+    - curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN --form email=$GITLAB_USER_EMAIL --form file=@cov-int.tar.gz --form version="$(git describe --tags)" --form description="$(git describe --tags) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID"
+  rules:
+    - if: "$CI_PIPELINE_SOURCE == 'schedule' && $COVERITY_SCAN_PROJECT_NAME && $COVERITY_SCAN_TOKEN"
--- a/.gitlab/issue_templates/bug.md
+++ b/.gitlab/issue_templates/bug.md
@@ -0,0 +1,24 @@
+<!-- See https://libvirt.org/bugs.html#quality for guidance -->
+
+## Software environment
+ - Operating system:
+ - Architecture:
+ - kernel version:
+ - libvirt version:
+ - Hypervisor and version:
+
+## Description of problem
+
+## Steps to reproduce
+1.
+2.
+3.
+
+## Additional information
+<!-- Attach XML configs, logs, stack traces, etc. Compress the files if necessary -->
+<!-- See https://libvirt.org/kbase/debuglogs.html on how to configure logging -->
+
+
+
+<!-- The line below ensures that proper tags are added to the issue. -- >
+/label ~bug
--- a/.gitlab/issue_templates/feature.md
+++ b/.gitlab/issue_templates/feature.md
@@ -0,0 +1,14 @@
+## Goal
+<!-- Describe the final result you want to achieve. Avoid design specifics. -->
+
+
+## Technical details
+<!-- Describe technical details, design specifics, suggestions, versions, etc. -->
+
+
+## Additional information
+
+
+
+<!-- The line below ensures that proper tags are added to the issue. -- >
+/label ~enhancement
--- a/.mailmap
+++ b/.mailmap
@@ -47,6 +47,7 @@
 <fidencio@redhat.com> <fabiano@fidencio.org>
 <shi_lei@massclouds.com> <shilei.massclouds@gmx.com>
 <adrian.brzezinski@eo.pl> <redhat@adrb.pl>
+<matt@datto.com> <mcoleman@datto.com>

 # Name consolidation:
 # Preferred author spelling <preferred email>
--- a/AUTHORS.in
+++ b/AUTHORS.in
@@ -1,103 +0,0 @@
-   libvirt Authors
-   ===============
-
-The libvirt project was initiated by:
-
-Daniel Veillard <veillard@redhat.com> or <daniel@veillard.com>
-
-The primary maintainers and people with commit access rights:
-
-Andrea Bolognani <abologna@redhat.com>
-Cédric Bosdonnat <cbosdonnat@suse.com>
-Christian Ehrhardt <christian.ehrhardt@canonical.com>
-Christophe Fergeau <cfergeau@redhat.com>
-Cole Robinson <crobinso@redhat.com>
-Daniel P. Berrangé <berrange@redhat.com>
-Daniel Veillard <veillard@redhat.com>
-Eric Blake <eblake@redhat.com>
-Erik Skultety <eskultet@redhat.com>
-Fabiano Fidêncio <fidencio@redhat.com>
-Guido Günther <agx@sigxcpu.org>
-Ján Tomko <jtomko@redhat.com>
-Jim Fehlig <jfehlig@suse.com>
-Jiří Denemark <jdenemar@redhat.com>
-Laine Stump <laine@redhat.com>
-Martin Kletzander <mkletzan@redhat.com>
-Michal Prívozník <mprivozn@redhat.com>
-Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-Pavel Hrdina <phrdina@redhat.com>
-Peter Krempa <pkrempa@redhat.com>
-Pino Toscano <ptoscano@redhat.com>
-Richard W.M. Jones <rjones@redhat.com>
-Roman Bogorodskiy <bogorodskiy@gmail.com>
-
-Previous maintainers:
-
-Alex Jia <ajia@redhat.com>
-Anthony Liguori <aliguori@us.ibm.com>
-Atsushi SAKAI <sakaia@jp.fujitsu.com>
-Chris Lalancette <clalance@redhat.com>
-Claudio Bley <claudio.bley@gmail.com>
-Dan Smith <danms@us.ibm.com>
-Dave Allan <dallan@redhat.com>
-Dave Leskovec <dlesko@linux.vnet.ibm.com>
-Dmitry Guryanov <dguryanov@parallels.com>
-Doug Goldstein <cardoe@gentoo.org>
-Gao Feng <gaofeng@cn.fujitsu.com>
-Guannan Ren <gren@redhat.com>
-Jim Meyering <meyering@redhat.com>
-John Ferlan <jferlan@redhat.com>
-John Levon <john.levon@sun.com>
-Justin Clift <jclift@redhat.com>
-Karel Zak <kzak@redhat.com>
-Katerina Koukiou <kkoukiou@redhat.com>
-Mark McLoughlin <markmc@redhat.com>
-Matthias Bolte <matthias.bolte@googlemail.com>
-Maxim Nestratov <mnestratov@virtuozzo.com>
-Osier Yang <jyang@redhat.com>
-Stefan Berger <stefanb@us.ibm.com>
-Wen Congyang <wency@cn.fujitsu.com>
-
-Patches have also been contributed by:
-
-Abel Míguez Rodríguez <amiguezr@pdi.ucm.es>
-Amit Shah <amit.shah@redhat.com>
-Andrew Puch <apuch@redhat.com>
-Anton Protopopov <aspsk2@gmail.com>
-Ben Guthro <ben.guthro@gmail.com>
-Daniel Hokka Zakrisson <daniel@hozac.com>
-Dan Wendlandt <dan@nicira.com>
-David Lively <dlively@virtualiron.com>
-David Lutterkort <dlutter@redhat.com>
-Evgeniy Sokolov <evg@openvz.org>
-Hugh Brock <hbrock@redhat.com>
-Itamar Heim <iheim@redhat.com>
-James Morris <jmorris@namei.org>
-Javier Fontan <jfontan@gmail.com>
-Jeremy Katz <katzj@redhat.com>
-Kaitlin Rupert <kaitlin@linux.vnet.ibm.com>
-Kazuki Mizushima <mizushima.kazuk@jp.fujitsu.com>
-Mads Chr. Olesen <shiyee@shiyee.dk>
-Mark Johnson <johnson.nh@gmail.com>
-Markus Armbruster <armbru@redhat.com>
-Masayuki Sunou <fj1826dm@aa.jp.fujitsu.com>
-Matthias Witte <witte@netzquadrat.de>
-Michel Ponceau <michel.ponceau@bull.net>
-Nobuhiro Itou <fj0873gn@aa.jp.fujitsu.com>
-Pete Vetere <pvetere@redhat.com>
-Philippe Berthault <philippe.berthault@Bull.net>
-Saori Fukuta <fukuta.saori@jp.fujitsu.com>
-Shigeki Sakamoto <fj0588di@aa.jp.fujitsu.com>
-Shuveb Hussain <shuveb@binarykarma.com>
-Stefan de Konink <dekonink@kinkrsoftware.nl>
-Takahashi Tomohiro <takatom@jp.fujitsu.com>
-Tatsuro Enokura <fj7716hz@aa.jp.fujitsu.com>
-
-@contributorslist@
-
-The libvirt logo was designed by Diana Fong
-
-- End
-;; Local Variables:
-;; coding: utf-8
-;; End:
--- a/AUTHORS.rst.in
+++ b/AUTHORS.rst.in
@@ -0,0 +1,99 @@
+===============
+libvirt Authors
+===============
+
+The libvirt project was initiated by:
+
+* Daniel Veillard <veillard@redhat.com> or <daniel@veillard.com>
+
+The primary maintainers and people with commit access rights:
+
+* Andrea Bolognani <abologna@redhat.com>
+* Cédric Bosdonnat <cbosdonnat@suse.com>
+* Christian Ehrhardt <christian.ehrhardt@canonical.com>
+* Christophe Fergeau <cfergeau@redhat.com>
+* Cole Robinson <crobinso@redhat.com>
+* Daniel P. Berrangé <berrange@redhat.com>
+* Daniel Veillard <veillard@redhat.com>
+* Eric Blake <eblake@redhat.com>
+* Erik Skultety <eskultet@redhat.com>
+* Fabiano Fidêncio <fidencio@redhat.com>
+* Guido Günther <agx@sigxcpu.org>
+* Ján Tomko <jtomko@redhat.com>
+* Jim Fehlig <jfehlig@suse.com>
+* Jiří Denemark <jdenemar@redhat.com>
+* Laine Stump <laine@redhat.com>
+* Martin Kletzander <mkletzan@redhat.com>
+* Michal Prívozník <mprivozn@redhat.com>
+* Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
+* Pavel Hrdina <phrdina@redhat.com>
+* Peter Krempa <pkrempa@redhat.com>
+* Pino Toscano <ptoscano@redhat.com>
+* Richard W.M. Jones <rjones@redhat.com>
+* Roman Bogorodskiy <bogorodskiy@gmail.com>
+
+Previous maintainers:
+
+* Alex Jia <ajia@redhat.com>
+* Anthony Liguori <aliguori@us.ibm.com>
+* Atsushi SAKAI <sakaia@jp.fujitsu.com>
+* Chris Lalancette <clalance@redhat.com>
+* Claudio Bley <claudio.bley@gmail.com>
+* Dan Smith <danms@us.ibm.com>
+* Dave Allan <dallan@redhat.com>
+* Dave Leskovec <dlesko@linux.vnet.ibm.com>
+* Dmitry Guryanov <dguryanov@parallels.com>
+* Doug Goldstein <cardoe@gentoo.org>
+* Gao Feng <gaofeng@cn.fujitsu.com>
+* Guannan Ren <gren@redhat.com>
+* Jim Meyering <meyering@redhat.com>
+* John Ferlan <jferlan@redhat.com>
+* John Levon <john.levon@sun.com>
+* Justin Clift <jclift@redhat.com>
+* Karel Zak <kzak@redhat.com>
+* Katerina Koukiou <kkoukiou@redhat.com>
+* Mark McLoughlin <markmc@redhat.com>
+* Matthias Bolte <matthias.bolte@googlemail.com>
+* Maxim Nestratov <mnestratov@virtuozzo.com>
+* Osier Yang <jyang@redhat.com>
+* Stefan Berger <stefanb@us.ibm.com>
+* Wen Congyang <wency@cn.fujitsu.com>
+
+Patches have also been contributed by:
+
+* Abel Míguez Rodríguez <amiguezr@pdi.ucm.es>
+* Amit Shah <amit.shah@redhat.com>
+* Andrew Puch <apuch@redhat.com>
+* Anton Protopopov <aspsk2@gmail.com>
+* Ben Guthro <ben.guthro@gmail.com>
+* Daniel Hokka Zakrisson <daniel@hozac.com>
+* Dan Wendlandt <dan@nicira.com>
+* David Lively <dlively@virtualiron.com>
+* David Lutterkort <dlutter@redhat.com>
+* Evgeniy Sokolov <evg@openvz.org>
+* Hugh Brock <hbrock@redhat.com>
+* Itamar Heim <iheim@redhat.com>
+* James Morris <jmorris@namei.org>
+* Javier Fontan <jfontan@gmail.com>
+* Jeremy Katz <katzj@redhat.com>
+* Kaitlin Rupert <kaitlin@linux.vnet.ibm.com>
+* Kazuki Mizushima <mizushima.kazuk@jp.fujitsu.com>
+* Mads Chr. Olesen <shiyee@shiyee.dk>
+* Mark Johnson <johnson.nh@gmail.com>
+* Markus Armbruster <armbru@redhat.com>
+* Masayuki Sunou <fj1826dm@aa.jp.fujitsu.com>
+* Matthias Witte <witte@netzquadrat.de>
+* Michel Ponceau <michel.ponceau@bull.net>
+* Nobuhiro Itou <fj0873gn@aa.jp.fujitsu.com>
+* Pete Vetere <pvetere@redhat.com>
+* Philippe Berthault <philippe.berthault@Bull.net>
+* Saori Fukuta <fukuta.saori@jp.fujitsu.com>
+* Shigeki Sakamoto <fj0588di@aa.jp.fujitsu.com>
+* Shuveb Hussain <shuveb@binarykarma.com>
+* Stefan de Konink <dekonink@kinkrsoftware.nl>
+* Takahashi Tomohiro <takatom@jp.fujitsu.com>
+* Tatsuro Enokura <fj7716hz@aa.jp.fujitsu.com>
+
+@contributorslist@
+
+The libvirt logo was designed by Diana Fong
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -8,7 +8,517 @@ the changes introduced by each of them.
 For a more fine-grained view, use the `git log`_.


-v6.7.0 (unreleased)
+v7.2.0 (2021-04-01)
+===================
+
+* **New features**
+
+  * qemu: Implement domain memory dirty rate calculation API
+
+    New API ``virDomainStartDirtyRateCalc()`` and virsh command
+    ``domdirtyrate-calc`` are added to start calculating a live domain's
+    memory dirty rate.
+
+  * qemu: Support reporting memory dirty rate stats
+
+    The memory dirty rate stats can be obtained through ``virsh domstats
+    --dirtyrate`` via the virConnectGetAllDomainStats API.
+
+  * qemu: Full disk backups via ``virDomainBackupBegin``
+
+    The qemu hypervisor driver now allows taking full disk backups via the
+    ``virDomainBackupBegin`` API and the corresponding virsh wrapper.
+
+    In future releases the feature will be extended to also support incremental
+    backups (where only the difference since the last backup is copied) when
+    qemu adds the required functionality.
+
+  * Add support for audio backend specific settings
+
+    With this release a new ``<audio/>`` element is introduced that allows
+    users to configure audio output for their guests.
+
+* **Improvements**
+
+  * qemu: Compatibility with QEMU 6.0 for certain hot-(un)-plug operations
+
+    Libvirt 7.2.0 is required for compatibility with the upcoming QEMU 6.0
+    release for hotplug and hotunplug of certain devices and helpers, such as
+    iothreads, chardevs, RNG devices, disks with secret, ...
+
+  * qemu: Various improvements to embedded mode
+
+    Embedded mode for the QEMU driver, as well as the ``virt-qemu-run`` tool
+    saw improvements in handling of domain life cycle, temporary directories
+    creation (important when using disk secrets) and other minor fixes.
+
+  * Documentation of split daemon related config files
+
+    Split daemons read configuration files upon their start. These were never
+    documented though.
+
+* **Bug fixes**
+
+  * Check host CPU for forbidden features
+
+    CPU feature policy did not work as expected with ``host-passthrough`` and
+    features supported by physical host. CPU features were not filtered out
+    when ``@check`` was set to ``full``.
+
+  * Fix virNetworkUpdate() to work with split daemons
+
+    Due to a bug in our code, virNetworkUpdate() did not work with split daemon
+    unless management application connected to virtnetworkd directly.
+
+  * qemu: increase locked memory limit when a vDPA device is present
+
+    Just like VFIO devices, vDPA devices may need to have all guest memory
+    pages locked/pinned in order to operate properly. These devices are now
+    included when calculating the limit for memory lock.
+
+  * Don't log error if SRIOV PF has no associated netdev
+
+    Some SRIOV PFs don't have a netdev associated with them in which case
+    libvirtd reported an error and refused to start. This is now fixed.
+
+  * qemu: Only raise memlock limit if necessary
+
+    Attempting to set the memlock limit might fail if we're running
+    in a containerized environment where ``CAP_SYS_RESOURCE`` is not
+    available, and if the limit is already high enough there's no
+    point in trying to raise it anyway.
+
+  * Restore security context of swtpm.log
+
+    If a guest with emulated TPM was started and the daemon was restarted
+    afterwards, the security context of the per-domain ``swtpm.log`` file was
+    not restored on domain shutdown leaving it unable to be started again.
+
+  * virtlogd|virtlockd: Fixed crash when upgrading the daemons in-place
+
+    A bug preventing the in-place upgrade of ``virtlogd`` and ``virtlockd``
+    daemons was fixed, so they can again be upgraded without dropping the log
+    file descriptors or locks on files.
+
+
+v7.1.0 (2021-03-01)
+===================
+
+* **Portability**
+
+  * Implement Apple Silicon support
+
+    libvirt now runs on the ARM-based Apple Silicon Macs.
+
+* **New features**
+
+  * Introduce virtio-pmem ``<memory/>`` model
+
+    The virtio-pmem is a virtio variant of NVDIMM and just like NVDIMM
+    virtio-pmem also allows accessing host pages bypassing guest page cache.
+
+  * Introduce ``<boot order/>`` for ``<filesystem>``
+
+    Booting is possible from virtiofs filesystems. Introduce an option
+    to control the boot order, like we do for other bootable devices.
+
+  * hyperv: implement new APIs
+
+    The ``virDomainUndefine()``, ``virDomainUndefineFlags()``,
+    ``virDomainDefineXML()``, ``virDomainAttachDevice()``, and
+    ``virDomainAttachDeviceFlags()``, ``virConnectListAllNetworks()``,
+    ``virConnectNumOfNetworks()``, ``virNetworkLookupByName()``,
+    ``virNetworkLookupByUUID()``, ``virConnectNumOfDefinedNetworks()``,
+    ``virConnectListDefinedNetworks()``, ``virNetworkGetAutostart()``,
+    ``virNetworkIsActive()``, ``virNetworkIsPersistent()``,
+    ``virNetworkGetXMLDesc()``, and ``virDomainScreenshot()``, APIs have been
+    implemented in the Hyper-V driver.
+
+  * Support <teaming> element in plain <hostdev> devices
+
+    This is useful when libvirt doesn't have the privileges necessary
+    to set the hostdev device's MAC address (which is a necessary
+    part of the alternate <interface type='hostdev'>).
+
+  * Introduce ``<disk type='vhostuser'>`` support
+
+    Introduces support for QEMU vhost-user-blk device that can be used
+    to access storage exported via the vhost-user protocol by daemons such
+    as the ``qemu-storage-daemon``.
+
+* **Bug fixes**
+
+  * qemu: Fix disk quiescing rollback when creating external snapshots
+
+   If the qemu guest agent call to freeze filesystems failed when creating
+   an external snapshot with ``VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE`` flag the
+   filesystems would be unconditionally thawed. This could cause problems when
+   the filesystems were frozen by an explicit call to ``virDomainFSFreeze``
+   since the guest agent then rejects any further freeze attempts once are
+   filesystems frozen, an explicit freeze followed by a quiesced snapshot
+   would fail and thaw filesystems.
+
+   Users are also encouraged to use ``virDomainFSFreeze/Thaw`` manually instead
+   of relying on ``VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE`` if they need finer
+   grained control.
+
+  * cgroups: Fix how we setup and configure cgroups on hosts with systemd
+
+    When libvirt is running on host with systemd we register every VM with
+    machined which creates the VM root cgroup for us as well. Before this fix
+    we were directly modifying files in the VM root cgroup which was incorrect
+    because all the files are managed by systemd. The implication was that any
+    change done by libvirt to cgroup attributes supported by systemd could be
+    removed which happens for example by running ``systemctl daemon-reload``.
+
+    To fix the issue libvirt now uses DBus calls for some of the cgroup
+    attributes that distribute the resources proportionally to the cgroup
+    siblings and for the rest we have a new sub-cgroup that libvirt can
+    managed directly.
+
+    For more details why this is necessary see
+    `systemd cgroup <https://systemd.io/CGROUP_DELEGATION/>`_ documentation.
+
+  * qemu: Fix swtpm device with aarch64
+
+    The TPM TIS device name for x86 is ``tpm-tis``, whereas for aarch64 it is
+    ``tpm-tis-device``. Fix the use of TPM TIS device with aarch64 by using
+    the proper device name when building the QEMU command line.
+
+  * libxl: Fix domain shutdown
+
+    Commit fa30ee04a2 introduced the possibility of a race between the
+    shutdown and death threads used to process domain shutdown and death
+    events from libxl. On normal domain shutdown the shutdown thread handles
+    all aspects of shutting down and cleaning up the domain. The death
+    thread is only used to handle out-of-band domain destruction and is
+    inhibited when domain shutdown is under libvirt's control. The race is
+    avoided by also inhibiting the death thread when libvirt starts the
+    shutdown thread.
+
+
+v7.0.0 (2021-01-15)
+===================
+
+* **Project governance**
+
+  * Formal handover of release tarball signing
+
+    Starting from libvirt-6.6 the release tarballs are signed by Jiří Denemark.
+    Releases starting with 7.0 contain a note from the previous maintainer
+    Daniel Veillard offically handing over the signing of packages so that the
+    transition can be verified.
+
+* **New features**
+
+  * nodedev: Add node device driver support for AP devices
+
+    Add support for detecting and listing Adjunct Processor(AP) cards, AP
+    queues and AP matrix devices (which are capable of MDEV) of a KVM host
+    system in libvirt node device driver with correct object relationships.
+
+  * qemu: Allow control of ``qcow2`` metadata cache
+
+    In specific usecases such as when massive storage images are used it's
+    possible to achieve better performance by increasing the metadata cache
+    size. The new knob allows advanced users setting the size according to
+    qemu's documentation to suit their image.
+
+  * conf: Add support for keeping TPM emulator state
+
+    Currently, swtpm TPM state file is removed when a transient domain is
+    powered off or undefined. Add per-TPM emulator option ``persistent_state``
+    for keeping TPM state.
+
+* **Improvements**
+
+  * qemu: Discourage users from polling ``virDomainGetBlockJobInfo`` for block
+    job completion
+
+    Document that waiting for events is a more robust solution.
+
+  * secret: Relax XML schema for the ``usage`` name of a ``secret``
+
+    Various bits of documentation of how to use libvirt with RBD volumes used
+    an usage name which would not pass the XML validation. Relax the requirement
+    to make such XMLs valid.
+
+  * virnetdevopenvswitch: Various improvements
+
+    The code that handles ``<interface type='vhostuser'/>`` was given various
+    improvements. So far, libvirt assumed vhostuser interfaces are handled
+    exclusively by OpenVSwitch and refused to start a guest if it was not so.
+    Now a guest can be started successfully even if the interface is created by
+    some other tool (e.g. ``dpdk-testpmd``). Also, the code that detects the
+    interface name was adapted to new versions of OpenVSwitch and thus can
+    detect name more reliably.
+
+  * qemu: Report guest disks informations in ``virDomainGetGuestInfo``
+
+    Libvirt is now able to report disks and filesystems from the guest's
+    perspective (using guest agent). And with sufficiently new guest agent
+    (5.3.0 or newer) the API also handles disks on CCW bus.
+
+* **Bug fixes**
+
+  * qemu: Fix logic bug in inactive snapshot deletion
+
+    This release fixes a bug introduced in libvirt-6.9 where libvirt's
+    snapshot metadata would not be deleted on successful snapshot deletion.
+
+  * qemu: Fix VMs with ``<iotune>`` on an empty cdrom
+
+    Specifying ``<iotune>`` for an empty cdrom would prevent the VM from
+    starting as qemu doesn't accept the tuning for an empty drive. We now
+    postpone setting the parameters until a new media is inserted.
+
+  * Avoid taking extra host memory when launching pSeries guests
+
+    Under certain conditions, pSeries guests were being launched with more
+    RAM than it was specified in the domain XML by the user. New pSeries
+    domains created with libvirt 7.0.0 will always launch with the right
+    amount of initial memory. Existing guests that migrate from an older
+    libvirt version to 7.0.0 will not be affected by this change.
+
+  * qemu: Don't cache NUMA caps
+
+    ``virsh capabilities`` contains ``<topology/>`` section which reports NUMA
+    topology among with amount of free hugepages per each NUMA node. However,
+    these amounts were not updated between calls.
+
+  * networkGetDHCPLeases: Handle leases with infinite expiry time
+
+    Since libvirt-6.3.0 it is possible to configure expiry time for DHCP
+    leases. If the expiry time was infinite then ``virsh net-dhcp-leases``
+    and NSS plugins refused to work.
+
+  * qemu: Don't prealloc mem for real NVDIMMs
+
+    If a real life NVDIMM is assigned to a guest via ``<memory model='nvdimm'/>``
+    then QEMU is no longer instructed to preallocate memory
+    for it. This prevents unnecessary wear on the NVDIMM.
+
+  * network: Introduce mutex for bridge name generation
+
+    When new libvirt network is defined or created and the input XML does not
+    contain any bridge name, libvirt generates one. However, it might have
+    happened that the same name would be generated for different networks if
+    two or more networks were defined/created at once.
+
+
+v6.10.0 (2020-12-01)
+====================
+
+* **Security**
+
+  * qemu: Enable client TLS certificate validation by default for ``chardev``,
+    ``migration``, and ``backup`` servers.
+
+  The default value if qemu.conf options ``chardev_tls_x509_verify``,
+  ``migrate_tls_x509_verify``, or  ``backup_tls_x509_verify`` are not specified
+  explicitly in the config file and also the ``default_tls_x509_verify`` config
+  option is missing are now '1'. This ensures that only legitimate clients
+  access servers, which don't have any additional form of authentication.
+
+* **New features**
+
+  * qemu: Implement OpenSSH authorized key file management APIs
+
+    New APIs (``virDomainAuthorizedSSHKeysGet()`` and
+    ``virDomainAuthorizedSSHKeysSet()``) and virsh commands
+    (``get-user-sshkeys`` and ``set-user-sshkeys``) are added to manage
+    authorized_keys SSH file for user.
+
+  * hyperv: implement new APIs
+
+    The ``virDomainGetMaxMemory()``, ``virDomainSetMaxMemory()``,
+    ``virDomainGetSchedulerType()``, ``virDomainGetSchedulerParameters()``,
+    ``virDomainGetSchedulerParametersFlags()``, ``virDomainGetVcpus()``,
+    ``virDomainGetVcpusFlags()``, ``virDomainGetMaxVcpus()``,
+    ``virDomainSetVcpus()``, and ``virDomainSetVcpusFlags()`` APIs have been
+    implemented in the Hyper-V driver.
+
+* **Improvements**
+
+  * virsh: Support network disks in ``virsh attach-disk``
+
+    The ``virsh attach-disk`` helper command which simplifies attaching of disks
+    without the need for the user to formulate the disk XML manually now
+    supports network-backed images. Users can specify the protocol and host
+    specification with new command line arguments. Please refer to the man
+    page of virsh for further information.
+
+* **Bug fixes**
+
+  * remote: fixed performance regression in SSH tunnelling
+
+    The ``virt-ssh-helper`` binary introduced in 6.8.0 had very
+    poor scalability which impacted libvirt tunnelled migration
+    and storage volume upload/download in particular. It has been
+    updated and now has performance on par with netcat.
+
+* **Removed features**
+
+  * hyperv: removed support for the Hyper-V V1 WMI API
+
+    This drops support for Windows Server 2008R2 and 2012.
+    The earliest supported version is now Windows 2012R2.
+
+
+v6.9.0 (2020-11-02)
+===================
+
+* **New features**
+
+  * nodedev: Add support for channel subsystem (CSS) devices on S390
+
+    A CSS device is represented as a parent device of a CCW device.
+    This support allows to create vfio-ccw mediated devices with
+    ``virNodeDeviceCreateXML()``.
+
+  * qemu: Implement memory failure event
+
+    New event is implemented that is emitted whenever a guest encounters a
+    memory failure.
+
+  * qemu: Implement support for ``<transient/>`` disks
+
+    VMs based on the QEMU hypervisor now can use ``<transient/>`` option for
+    local file-backed disks to configure a disk which discards changes made to
+    it while the VM was active.
+
+  * hyperv: implement new APIs
+
+    The ``virConnectGetCapabilities()``, ``virConnectGetMaxVcpus()``,
+    ``virConnectGetVersion()``, ``virDomainGetAutostart()``,
+    ``virDomainSetAutostart()``, ``virNodeGetFreeMemory()``,
+    ``virDomainReboot()``, ``virDomainReset()``, ``virDomainShutdown()``, and
+    ``virDomainShutdownFlags()`` APIs have been implemented in the Hyper-V
+    driver.
+
+  * bhyve: implement virtio-9p filesystem support
+
+    Implement virito-9p shared filesystem using the ``<filesystem/>`` element.
+
+  * qemu: Add support for vDPA network devices.
+
+    VMs using the QEMU hypervisor can now specify vDPA network devices
+    using ``<interface type='vdpa'>``. The node device APIs also now
+    list and provide XML descriptions for vDPA devices.
+
+* **Bug fixes**
+
+  * hyperv: ensure WQL queries work in all locales
+
+    Relying on the "Description" field caused queries to fail on non-"en-US"
+    systems. The queries have been updated to avoid using localized strings.
+
+  * rpc: Fix ``virt-ssh-helper`` detection
+
+    libvirt 6.8.0 failed to correctly detect the availability of the new
+    ``virt-ssh-helper`` command on the remote host, and thus always used the
+    fallback instead; this has now been fixed.
+
+
+v6.8.0 (2020-10-01)
+===================
+
+* **Security**
+
+  * qemu: double free in qemuAgentGetInterfaces() in qemu_agent.c
+
+    Clients connecting to the read-write socket with limited ACL permissions
+    may be able to crash the libvirt daemon, resulting in a denial of service,
+    or potentially escalate their privileges on the system. CVE-2020-25637.
+
+* **New features**
+
+  * xen: Add ``writeFiltering`` attribute for PCI devices
+
+    By default Xen filters guest writes to the PCI configuration space of a
+    PCI hostdev, which may cause problems for some devices. The ``writeFiltering``
+    attribute of the device's ``<source>`` element can be used to disable the
+    filtering and allow all guest writes to the configuration space.
+
+  * bhyve: Support setting the framebuffer resolution
+
+    Libvirt can now set the framebuffer's "w" and "h" parameters
+    using the ``resolution`` element.
+
+  * bhyve: Support VNC password authentication
+
+    Libvirt can now probe whether the bhyve binary supports
+    VNC password authentication. In case it does, a VNC password
+    can now be passed using the ``passwd`` attribute on
+    the ``<graphics>`` element.
+
+  * remote: ``virt-ssh-helper`` replaces ``nc`` for SSH tunnelling
+
+    Libvirt now provides a ``virt-ssh-helper`` binary on the server
+    side. The libvirt remote client will use this binary for setting
+    up an SSH tunnelled connection to hosts. If not present, it will
+    transparently fallback to the traditional ``nc`` tunnel. The new
+    binary makes it possible for libvirt to transparently connect
+    across hosts even if libvirt is built with a different installation
+    prefix on the client vs server. It also enables remote access to
+    the unprivileged per-user libvirt daemons (e.g. using a URI such as
+    ``qemu+ssh://hostname/session``). The only requirement is that
+    ``virt-ssh-helper`` is present in ``$PATH`` of the remote host.
+
+  * esx: implement few APIs
+
+    The ``virConnectListAllNetworks()``, ``virDomainGetHostname()``, and
+    ``virDomainInterfaceAddresses()`` (only for
+    ``VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT`` source) APIs were implemented
+    in the esx driver.
+
+* **Improvements**
+
+  * qemu: Allow migration over UNIX sockets
+
+    QEMU migration can now be performed completely over UNIX sockets. This is
+    useful for containerised scenarios and can be used in both peer2peer and
+    direct migrations.
+
+  * dbus: Use GLib implementation instead of libdbus
+
+    Adopting GLib DBus implementation simplifies our code as libdbus provides
+    low-level APIs where we had to have a lot of helper functions. With this
+    change we also remove dependency on libdbus and possibly fix all the DBus
+    related libvirtd crashes seen over the time.
+
+  * Re-introduce NVDIMM auto-alignment for pSeries Guests
+
+    The auto-alignment logic was removed in v6.7.0 in favor of requiring the
+    size provided by the user to be already aligned; however, this had the
+    unintended consequence of breaking some existing guests. v6.8.0 restores
+    the previous behavior with an improvement: it also reflects the auto-aligned
+    value in the domain XML.
+
+  * qemu: Preserve qcow2 cluster size after external snapshots
+
+    The new overlay image which is installed on top of the current chain when
+    taking an external snapshot now preserves the cluser size of the original
+    top image to preserve any performance tuning done on the original image.
+
+* **Bug fixes**
+
+  * qemu: Various (i)SCSI backed hostdev fixes
+
+    (i)SCSI backed hostdevs now work again with an arbitrarily long
+    user-specified device alias and also honor the 'readonly' property after a
+    recent rewrite.
+
+* **Removed features**
+
+  * node_device: Remove HAL node device backend
+
+    HAL is deprecated on all supported OS so there is no need to keep it
+    in libvirt. udev backend is used on Linux OSes and devd can be eventually
+    implemented as replacement for FreeBSD.
+
+
+v6.7.0 (2020-09-01)
 ===================

 * **Packaging changes**
@@ -61,6 +571,11 @@ v6.7.0 (unreleased)
    forbidden and no size auto-alignment will be made. Instead, libvirt will
    suggest an aligned round up size for the user.

+  * apparmor: Several improvements
+
+    Add support for virtiofs filesystem and allow QEMU to load old
+    shared objects after upgrade.
+
 * **Bug fixes**

  * virdevmapper: Deal with kernels without DM support
@@ -100,6 +615,14 @@ v6.7.0 (unreleased)
    implementation. But the implementation did not handle kernels without
    device-mapper support. This is now fixed.

+  * remove autogenerated macvtap names from migration XML
+
+    Autogenerated macvtap device names were being left in the
+    migration XML, which could result in libvirt erroneously deleting
+    the macvtap device of a different guest in the aftermath of
+    failing to restart the guest on the destination host. Removing the
+    autogenerated names avoids this.
+

 v6.6.0 (2020-08-02)
 ===================
@@ -283,6 +806,12 @@ v6.4.0 (2020-06-02)
    ``virsh capabilities`` will now include information about the host CPU when
    run on ARM machines.

+  * qemu: support network interface downscript
+
+    QEMU has the ability to run a script when a NIC is brought up and down.
+    Libvirt only enables use of the up script. Now add support for postscript
+    when NIC is down/detached.
+
 * **Improvements**

  * qemu: stricter validation for disk type='lun'
@@ -300,6 +829,8 @@ v6.4.0 (2020-06-02)
    already does in these cases. Users are encouraged to provide complete NUMA
    topologies to avoid unexpected changes in the domain XML.

+  * Cooperlake x86 CPU model is added
+
 * **Bug fixes**

  * qemu: fixed regression in network device hotplug with new qemu versions
@@ -333,18 +864,12 @@ v6.3.0 (2020-05-05)

 * **New features**

-  * qemu: support network interface downscript
-
-    QEMU has the ability to run a script when a NIC is brought up and down.
-    Libvirt only enables use of the up script. Now add support for postscript
-    when NIC is down/detached.
-
  * qemu: support disabling hotplug/unplug of PCIe devices

    libvirt can now set the "hotplug" option for pcie-root-ports and
    pcie-switch-downstream-ports, which can be used to disable hotplug/unplug
    of devices from these ports (default behavior is for these controllers to
-    accept all hotplug/unplug attempts, but this is often undesireable).
+    accept all hotplug/unplug attempts, but this is often undesirable).

  * vbox: added support for version 6.0 and 6.1 APIs

@@ -828,7 +1353,7 @@ v5.10.0 (2019-12-02)

  * Forcibly create nodes in domain's namespace

-    The QEMU driver starts a domain in a namepsace with private ``/dev`` and
+    The QEMU driver starts a domain in a namespace with private ``/dev`` and
    creates only those nodes there which the domain is configured to have.
    However, it may have happened that if a node changed its minor number this
    change wasn't propagated to the namespace.
@@ -1131,7 +1656,7 @@ v5.6.0 (2019-08-05)

  * network: Allow passing arbitrary options to dnsmasq

-    This works similarly to the existing support for passing arbitary options
+    This works similarly to the existing support for passing arbitrary options
    to QEMU, and just like that feature it comes with no support guarantees.

 * **Removed features**
@@ -2145,7 +2670,7 @@ v4.4.0 (2018-06-04)

 * **Improvements**

-  * qemu: Add suport for OpenGL rendering with SDL
+  * qemu: Add support for OpenGL rendering with SDL

    Domains using SDL as a graphics backend will now be able to use OpenGL
    accelerated rendering.
--- a/build-aux/Makefile.in
+++ b/build-aux/Makefile.in
@@ -5,6 +5,7 @@ top_builddir = @top_builddir@
 FLAKE8 = @flake8_path@
 RUNUTF8 = @runutf8@
 PYTHON = @PYTHON3@
+GREP = @GREP@

 # include syntax-check.mk file
 include $(top_srcdir)/build-aux/syntax-check.mk
--- a/build-aux/check-spacing.pl
+++ b/build-aux/check-spacing.pl
@@ -24,11 +24,6 @@ my $ret = 0;
 my $incomment = 0;

 foreach my $file (@ARGV) {
-    # Per-file variables for multiline Curly Bracket (cb_) check
-    my $cb_linenum = 0;
-    my $cb_code = "";
-    my $cb_scolon = 0;
-
    open FILE, $file;

    while (defined (my $line = <FILE>)) {
@@ -160,37 +155,6 @@ foreach my $file (@ARGV) {
            print "$file:$.: $line";
            $ret = 1;
        }
-
-        # One line conditional statements with one line bodies should
-        # not use curly brackets.
-        if ($data =~ /^\s*(if|while|for)\b.*\{$/) {
-            $cb_linenum = $.;
-            $cb_code = $line;
-            $cb_scolon = 0;
-        }
-
-        # We need to check for exactly one semicolon inside the body,
-        # because empty statements (e.g. with comment only) are
-        # allowed
-        if ($cb_linenum == $. - 1 && $data =~ /^[^;]*;[^;]*$/) {
-            $cb_code .= $line;
-            $cb_scolon = 1;
-        }
-
-        if ($data =~ /^\s*}\s*$/ &&
-            $cb_linenum == $. - 2 &&
-            $cb_scolon) {
-
-            print "Curly brackets around single-line body:\n";
-            print "$file:$cb_linenum-$.:\n$cb_code$line";
-            $ret = 1;
-
-            # There _should_ be no need to reset the values; but to
-            # keep my inner peace...
-            $cb_linenum = 0;
-            $cb_scolon = 0;
-            $cb_code = "";
-        }
    }
    close FILE;
 }
--- a/build-aux/meson.build
+++ b/build-aux/meson.build
@@ -10,18 +10,32 @@ syntax_check_conf.set('flake8_path', flake8_path)
 syntax_check_conf.set('runutf8', ' '.join(runutf8))
 syntax_check_conf.set('PYTHON3', python3_prog.path())

+
+grep_prog = find_program('grep')
+
+if host_machine.system() == 'freebsd'
+  make_prog = find_program('gmake')
+
+  grep_cmd = run_command(grep_prog, '--version')
+  if grep_cmd.stdout().startswith('grep (BSD grep')
+    grep_prog = find_program('/usr/local/bin/grep')
+    grep_cmd = run_command(grep_prog, '--version')
+    if grep_cmd.stdout().startswith('grep (BSD grep')
+      error('GNU grep not found')
+    endif
+  endif
+else
+  make_prog = find_program('make')
+endif
+
+syntax_check_conf.set('GREP', grep_prog.path())
+
 configure_file(
  input: 'Makefile.in',
  output: '@BASENAME@',
  configuration: syntax_check_conf,
 )

-if host_machine.system() == 'freebsd'
-  make_prog = find_program('gmake')
-else
-  make_prog = find_program('make')
-endif
-
 rc = run_command(
  'sed', '-n',
  's/^\\(sc_[a-zA-Z0-9_-]*\\):.*/\\1/p',
--- a/build-aux/syntax-check.mk
+++ b/build-aux/syntax-check.mk
@@ -27,8 +27,15 @@ ME := build-aux/syntax-check.mk
 # of the module description. But some packages import this file directly,
 # ignoring the module description.
 AWK ?= awk
-GREP ?= grep
+# FreeBSD (and probably some other OSes too) ships own version of sed(1), not
+# compatible with the GNU sed. GNU sed is available as gsed(1), so use this
+# instead
+UNAME := $(shell uname)
+ifeq ($(UNAME),FreeBSD)
+SED ?= gsed
+else
 SED ?= sed
+endif

 # Helper variables.
 _empty =
@@ -482,11 +489,6 @@ sc_prohibit_gettext_noop:
 	halt='use N_, not gettext_noop' \
 	  $(_sc_search_regexp)

-sc_prohibit_VIR_ERR_NO_MEMORY:
-	@prohibit='\<VIR_ERR_NO_MEMORY\>' \
-	halt='use virReportOOMError, not VIR_ERR_NO_MEMORY' \
-	  $(_sc_search_regexp)
-
 sc_prohibit_PATH_MAX:
 	@prohibit='\<PATH_MAX\>' \
 	halt='dynamically allocate paths, do not use PATH_MAX' \
@@ -495,6 +497,7 @@ sc_prohibit_PATH_MAX:
 include $(top_srcdir)/build-aux/Makefile.nonreentrant
 sc_prohibit_nonreentrant:
 	@prohibit="\\<(${NON_REENTRANT_RE}) *\\(" \
+	exclude='exempt from syntax-check' \
 	halt="use re-entrant functions (usually ending with _r)" \
 	  $(_sc_search_regexp)

@@ -874,8 +877,10 @@ FLAKE8_IGNORE = E501,W504

 sc_flake8:
 	@if [ -n "$(FLAKE8)" ]; then \
-		$(VC_LIST_EXCEPT) | $(GREP) '\.py$$' | xargs \
-			$(FLAKE8) --ignore $(FLAKE8_IGNORE) --show-source; \
+		DOT_PY=$$($(VC_LIST_EXCEPT) | $(GREP) '\.py$$'); \
+		BANG_PY=$$($(VC_LIST_EXCEPT) | xargs grep -l '^#!/usr/bin/env python3$$'); \
+		ALL_PY=$$(printf "%s\n%s" "$$DOT_PY" "$$BANG_PY" | sort -u); \
+		echo "$$ALL_PY" | xargs $(FLAKE8) --ignore $(FLAKE8_IGNORE) --show-source; \
 	else \
 		echo '$(ME): skipping test $@: flake8 not installed' 1>&2; \
 	fi
@@ -1047,10 +1052,10 @@ sc_prohibit_sysconf_pagesize:
 	halt='use virGetSystemPageSize[KB] instead of sysconf(_SC_PAGESIZE)' \
 	  $(_sc_search_regexp)

-sc_prohibit_virSecurity:
+sc_prohibit_virSecurityManager:
 	@$(VC_LIST_EXCEPT) | $(GREP) 'src/qemu/' | \
 		$(GREP) -v 'src/qemu/qemu_security' | \
-		xargs $(GREP) -Pn 'virSecurityManager(?!Ptr)' /dev/null && \
+		xargs $(GREP) -Pn 'virSecurityManager\S*\(' /dev/null && \
 		{ echo '$(ME): prefer qemuSecurity wrappers' 1>&2; exit 1; } || :

 sc_prohibit_pthread_create:
@@ -1397,8 +1402,8 @@ sc_require_config_h_first:
 	else :;								\
 	fi

-sc_prohibit_HAVE_MBRTOWC:
-	@prohibit='\bHAVE_MBRTOWC\b'					\
+sc_prohibit_WITH_MBRTOWC:
+	@prohibit='\bWITH_MBRTOWC\b'					\
 	halt="do not use $$prohibit; it is always defined"		\
 	  $(_sc_search_regexp)

@@ -1617,8 +1622,8 @@ sc_unmarked_diagnostics:


 sc_prohibit_defined_have_decl_tests:
-	@prohibit='(#[	 ]*ifn?def|\<defined)\>[	 (]+HAVE_DECL_'	\
-	halt='HAVE_DECL macros are always defined'			\
+	@prohibit='(#[	 ]*ifn?def|\<defined)\>[	 (]+WITH_DECL_'	\
+	halt='WITH_DECL macros are always defined'			\
 	  $(_sc_search_regexp)

 # ==================================================================
@@ -1801,7 +1806,7 @@ sc_po_check:
 	  rm -f $@-1 $@-2;						\
 	fi

-# #if HAVE_... will evaluate to false for any non numeric string.
+# #if WITH_... will evaluate to false for any non numeric string.
 # That would be flagged by using -Wundef, however gnulib currently
 # tests many undefined macros, and so we can't enable that option.
 # So at least preclude common boolean strings as macro values.
@@ -1864,7 +1869,7 @@ sc_group-qemu-caps:
 # List all syntax-check exemptions:
 exclude_file_name_regexp--sc_avoid_strcase = ^tools/vsh\.h$$

-_src1=libvirt-stream|qemu/qemu_monitor|util/vir(command|file|fdstream)|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon|logging/log_daemon
+_src1=libvirt-stream|qemu/qemu_monitor|util/vir(command|file|fdstream)|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon|logging/log_daemon|remote/remote_ssh_helper
 _test1=shunloadtest|virnettlscontexttest|virnettlssessiontest|vircgroupmock|commandhelper
 exclude_file_name_regexp--sc_avoid_write = \
  ^(src/($(_src1))|tools/virsh-console|tests/($(_test1)))\.c$$
@@ -1887,9 +1892,6 @@ exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \

 exclude_file_name_regexp--sc_po_check = ^(docs/|src/rpc/gendispatch\.pl$$|tests/commandtest.c$$)

-exclude_file_name_regexp--sc_prohibit_VIR_ERR_NO_MEMORY = \
-  ^(build-aux/syntax-check\.mk|include/libvirt/virterror\.h|src/remote/remote_daemon_dispatch\.c|src/util/virerror\.c|docs/internals/oomtesting\.html\.in)$$
-
 exclude_file_name_regexp--sc_prohibit_PATH_MAX = \
 	^build-aux/syntax-check\.mk$$

@@ -1911,7 +1913,7 @@ exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
 exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
  (^(src/(util/(vircommand|virdaemon)|lxc/lxc_controller)|tests/testutils)\.c$$)

-exclude_file_name_regexp--sc_prohibit_gethostname = ^src/util/vir(util|log)\.c$$
+exclude_file_name_regexp--sc_prohibit_gethostname = ^src/util/virutil\.c$$

 exclude_file_name_regexp--sc_prohibit_internal_functions = \
  ^src/(util/(viralloc|virutil|virfile)\.[hc]|esx/esx_vi\.c)$$
--- a/ci/Makefile
+++ b/ci/Makefile
@@ -20,30 +20,6 @@ CI_HOST_SRCDIR = $(CI_SCRATCHDIR)/src
 # the $(CI_HOST_SRCDIR) directory from the host
 CI_CONT_SRCDIR = $(CI_USER_HOME)/libvirt

-# Relative directory to perform the build in. This
-# defaults to using a separate build dir, but can be
-# set to empty string for an in-source tree build.
-CI_VPATH = build
-
-# The directory holding the build output inside the
-# container.
-CI_CONT_BUILDDIR = $(CI_CONT_SRCDIR)/$(CI_VPATH)
-
-# Can be overridden with mingw{32,64}-configure if desired
-CI_CONFIGURE = $(CI_CONT_SRCDIR)/configure
-
-# Default to using all possible CPUs
-CI_SMP = $(shell getconf _NPROCESSORS_ONLN)
-
-# Any extra arguments to pass to make
-CI_MAKE_ARGS =
-
-# Any extra arguments to pass to configure
-CI_CONFIGURE_ARGS =
-
-# Script containing environment preparation steps
-CI_PREPARE_SCRIPT = $(CI_ROOTDIR)/prepare.sh
-
 # Script containing build instructions
 CI_BUILD_SCRIPT = $(CI_ROOTDIR)/build.sh

@@ -66,15 +42,15 @@ CI_CLEAN = 1
 # preserved env
 CI_REUSE = 0

-# We need the container process to run with current host IDs
-# so that it can access the passed in build directory
-CI_UID = $(shell id -u)
-CI_GID = $(shell id -g)
-
-# We also need the user's login and home directory to prepare the
+# We need the user's login and home directory to prepare the
 # environment the way some programs expect it
-CI_USER_LOGIN = $(shell echo "$$USER")
-CI_USER_HOME = $(shell echo "$$HOME")
+CI_USER_LOGIN = $(shell whoami)
+CI_USER_HOME = $(shell eval echo "~$(CI_USER_LOGIN)")
+
+# We also need the container process to run with current host IDs
+# so that it can access the passed in build directory
+CI_UID = $(shell id -u "$(CI_USER_LOGIN)")
+CI_GID = $(shell id -g "$(CI_USER_LOGIN)")

 CI_ENGINE = auto
 # Container engine we are going to use, can be overridden per make
@@ -103,7 +79,6 @@ CI_HOME_MOUNTS = \
 	$(NULL)

 CI_SCRIPT_MOUNTS = \
-	--volume $(CI_SCRATCHDIR)/prepare:$(CI_USER_HOME)/prepare:z \
 	--volume $(CI_SCRATCHDIR)/build:$(CI_USER_HOME)/build:z \
 	$(NULL)

@@ -146,14 +121,16 @@ ifeq ($(CI_ENGINE),podman)
 	CI_UID_OTHER_RANGE = $(shell echo $$(($(CI_MAX_UID)-$(CI_UID))))
 	CI_GID_OTHER_RANGE = $(shell echo $$(($(CI_MAX_GID)-$(CI_GID))))

-	CI_PODMAN_ARGS = \
-		--uidmap 0:1:$(CI_UID) \
-		--uidmap $(CI_UID):0:1 \
-		--uidmap $(CI_UID_OTHER):$(CI_UID_OTHER):$(CI_UID_OTHER_RANGE) \
-		--gidmap 0:1:$(CI_GID) \
-		--gidmap $(CI_GID):0:1 \
-		--gidmap $(CI_GID_OTHER):$(CI_GID_OTHER):$(CI_GID_OTHER_RANGE) \
-		$(NULL)
+	ifneq ($(CI_UID), 0)
+		CI_PODMAN_ARGS = \
+			--uidmap 0:1:$(CI_UID) \
+			--uidmap $(CI_UID):0:1 \
+			--uidmap $(CI_UID_OTHER):$(CI_UID_OTHER):$(CI_UID_OTHER_RANGE) \
+			--gidmap 0:1:$(CI_GID) \
+			--gidmap $(CI_GID):0:1 \
+			--gidmap $(CI_GID_OTHER):$(CI_GID_OTHER):$(CI_GID_OTHER_RANGE) \
+			$(NULL)
+	endif
 endif

 # Args to use when cloning a git repo.
@@ -171,6 +148,8 @@ CI_GIT_ARGS = \
 #   --user    we execute as the same user & group account
 #             as dev so that file ownership matches host
 #             instead of root:root
+#   --workdir we change to user's home dir in the container
+#             before running the workload
 #   --volume  to pass in the cloned git repo & config
 #   --ulimit  lower files limit for performance reasons
 #   --interactive
@@ -179,6 +158,11 @@ CI_ENGINE_ARGS = \
 	--rm \
 	--interactive \
 	--tty \
+	--user "$(CI_UID)":"$(CI_GID)" \
+	--workdir "$(CI_USER_HOME)" \
+	--env CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
+	--env CI_MESON_ARGS="$(CI_MESON_ARGS)" \
+	--env CI_NINJA_ARGS="$(CI_NINJA_ARGS)" \
 	$(CI_PODMAN_ARGS) \
 	$(CI_PWDB_MOUNTS) \
 	$(CI_HOME_MOUNTS) \
@@ -199,9 +183,8 @@ ci-prepare-tree: ci-check-engine
 		cp /etc/passwd $(CI_SCRATCHDIR); \
 		cp /etc/group $(CI_SCRATCHDIR); \
 		mkdir -p $(CI_SCRATCHDIR)/home; \
-		cp "$(CI_PREPARE_SCRIPT)" $(CI_SCRATCHDIR)/prepare; \
 		cp "$(CI_BUILD_SCRIPT)" $(CI_SCRATCHDIR)/build; \
-		chmod +x "$(CI_SCRATCHDIR)/prepare" "$(CI_SCRATCHDIR)/build"; \
+		chmod +x "$(CI_SCRATCHDIR)/build"; \
 		echo "Cloning $(CI_GIT_ROOT) to $(CI_HOST_SRCDIR)"; \
 		git clone $(CI_GIT_ARGS) $(CI_GIT_ROOT) $(CI_HOST_SRCDIR) || exit 1; \
 		for mod in $$(git submodule | awk '{ print $$2 }' | sed -E 's,^../,,g') ; \
@@ -213,21 +196,10 @@ ci-prepare-tree: ci-check-engine
 	fi

 ci-run-command@%: ci-prepare-tree
-	$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
-		/bin/bash -c ' \
-		$(CI_USER_HOME)/prepare || exit 1; \
-		sudo \
-		  --login \
-		  --user="#$(CI_UID)" \
-		  --group="#$(CI_GID)" \
-		  CONFIGURE_OPTS="$$CONFIGURE_OPTS" \
-		  CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
-		  CI_CONT_BUILDDIR="$(CI_CONT_BUILDDIR)" \
-		  CI_SMP="$(CI_SMP)" \
-		  CI_CONFIGURE="$(CI_CONFIGURE)" \
-		  CI_CONFIGURE_ARGS="$(CI_CONFIGURE_ARGS)" \
-		  CI_MAKE_ARGS="$(CI_MAKE_ARGS)" \
-		  $(CI_COMMAND) || exit 1'
+	$(CI_ENGINE) run \
+		$(CI_ENGINE_ARGS) \
+		$(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
+		$(CI_COMMAND)
 	@test "$(CI_CLEAN)" = "1" && rm -rf $(CI_SCRATCHDIR) || :

 ci-shell@%:
@@ -236,36 +208,38 @@ ci-shell@%:
 ci-build@%:
 	$(MAKE) -C $(CI_ROOTDIR) ci-run-command@$* CI_COMMAND="$(CI_USER_HOME)/build"

-ci-check@%:
-	$(MAKE) -C $(CI_ROOTDIR) ci-build@$* CI_MAKE_ARGS="check"
-
-ci-list-images:
-	@echo
-	@echo "Available x86 container images:"
-	@echo
-	@sh list-images.sh "$(CI_IMAGE_PREFIX)" | grep -v cross
-	@echo
-	@echo "Available cross-compiler container images:"
-	@echo
-	@sh list-images.sh "$(CI_IMAGE_PREFIX)" | grep cross
-	@echo
+ci-test@%:
+	$(MAKE) -C $(CI_ROOTDIR) ci-build@$* CI_NINJA_ARGS=test

 ci-help:
+	@echo
+	@echo
+	@echo
+	@echo "      !!!  PLEASE DON'T USE THIS DIRECTLY  !!!"
+	@echo
+	@echo "          Use the ci/helper script instead"
+	@echo
+	@echo "      !!!  PLEASE DON'T USE THIS DIRECTLY  !!!"
+	@echo
+	@echo
+	@echo
 	@echo "Build libvirt inside containers used for CI"
 	@echo
 	@echo "Available targets:"
 	@echo
 	@echo "    ci-build@\$$IMAGE - run a default 'ninja' build"
-	@echo "    ci-check@\$$IMAGE - run a 'ninja test'"
+	@echo "    ci-test@\$$IMAGE  - run a 'ninja test'"
 	@echo "    ci-shell@\$$IMAGE - run an interactive shell"
-	@echo "    ci-list-images  - list available images"
 	@echo "    ci-help         - show this help message"
 	@echo
 	@echo "Available make variables:"
 	@echo
-	@echo "    CI_CLEAN=0          - do not delete '$(CI_SCRATCHDIR)' after completion"
-	@echo "    CI_REUSE=1          - re-use existing '$(CI_SCRATCHDIR)' content"
-	@echo "    CI_ENGINE=auto      - container engine to use (podman, docker)"
-	@echo "    CI_CONFIGURE_ARGS=  - extra arguments passed to configure"
-	@echo "    CI_MAKE_ARGS=       - extra arguments passed to make, e.g. space delimited list of targets"
+	@echo "    CI_CLEAN=0              - do not delete '$(CI_SCRATCHDIR)' after completion"
+	@echo "    CI_REUSE=1              - re-use existing '$(CI_SCRATCHDIR)' content"
+	@echo "    CI_ENGINE=auto          - container engine to use (podman, docker)"
+	@echo "    CI_USER_LOGIN=          - which user should run in the container (default is $$USER)"
+	@echo "    CI_IMAGE_PREFIX=        - override to prefer a locally built image, (default is $(CI_IMAGE_PREFIX))"
+	@echo "    CI_IMAGE_TAG=:latest    - optionally use in conjunction with 'CI_IMAGE_PREFIX'"
+	@echo "    CI_MESON_ARGS=          - extra arguments passed to meson"
+	@echo "    CI_NINJA_ARGS=          - extra arguments passed to ninja"
 	@echo
--- a/ci/build.sh
+++ b/ci/build.sh
@@ -1,3 +1,5 @@
+#!/bin/sh
+
 # This script is used to build libvirt inside the container.
 #
 # You can customize it to your liking, or alternatively use a
@@ -7,32 +9,15 @@
 #
 # to make.

-mkdir -p "$CI_CONT_BUILDDIR" || exit 1
-cd "$CI_CONT_BUILDDIR"
+cd "$CI_CONT_SRCDIR"

 export VIR_TEST_DEBUG=1
-NOCONFIGURE=1 "$CI_CONT_SRCDIR/autogen.sh" || exit 1

-# $CONFIGURE_OPTS is a env that can optionally be set in the container,
+# $MESON_OPTS is an env that can optionally be set in the container,
 # populated at build time from the Dockerfile. A typical use case would
-# be to pass --host/--target args to trigger cross-compilation
-#
-# This can be augmented by make local args in $CI_CONFIGURE_ARGS
-"$CI_CONFIGURE" $CONFIGURE_OPTS $CI_CONFIGURE_ARGS
-if test $? != 0; then
-    test -f config.log && cat config.log
-    exit 1
-fi
-find -name test-suite.log -delete
+# be to pass options to trigger cross-compilation

-make -j"$CI_SMP" $CI_MAKE_ARGS
+meson build --werror $MESON_OPTS $CI_MESON_ARGS || \
+(cat build/meson-logs/meson-log.txt && exit 1)

-if test $? != 0; then \
-    LOGS=$(find -name test-suite.log)
-    if test "$LOGS"; then
-        echo "=== LOG FILE(S) START ==="
-        cat $LOGS
-        echo "=== LOG FILE(S) END ==="
-    fi
-    exit 1
-fi
+ninja -C build $CI_NINJA_ARGS
--- a/ci/cirrus/build.yml
+++ b/ci/cirrus/build.yml
@@ -12,13 +12,13 @@ env:

 build_task:
  install_script:
+    - @UPDATE_COMMAND@
    - @INSTALL_COMMAND@ @PKGS@
-    - @PIP@ install @PYPI_PKGS@
+    - if test -n "@PYPI_PKGS@" ; then @PIP3@ install @PYPI_PKGS@ ; fi
  clone_script:
    - git clone --depth 100 "$CI_REPOSITORY_URL" .
    - git fetch origin "$CI_COMMIT_REF_NAME"
    - git reset --hard "$CI_COMMIT_SHA"
  build_script:
    - meson build --prefix=$(pwd)/install-root
-    - if test "$(uname)" = "FreeBSD"; then ninja -C build dist; fi
-    - if test "$(uname)" = "Darwin"; then ninja -C build && ninja -C build install; fi
+    - ninja -C build dist
--- a/ci/cirrus/freebsd-12.vars
+++ b/ci/cirrus/freebsd-12.vars
@@ -0,0 +1,8 @@
+PACKAGING_COMMAND='pkg'
+CC='/usr/bin/clang'
+CCACHE='/usr/local/bin/ccache'
+MAKE='/usr/local/bin/gmake'
+NINJA='/usr/local/bin/ninja'
+PYTHON='/usr/local/bin/python3'
+PIP3='/usr/local/bin/pip-3.7'
+PKGS='augeas avahi bash-completion ca_root_nss ccache cppi curl cyrus-sasl dbus diffutils diskscrub dnsmasq fusefs-libs gettext git glib gmake gnugrep gnutls gsed libpcap libpciaccess libssh libssh2 libxml2 libxslt meson ninja perl5 pkgconf polkit py37-docutils py37-flake8 python3 qemu radvd readline yajl'
--- a/ci/cirrus/freebsd-current.vars
+++ b/ci/cirrus/freebsd-current.vars
@@ -0,0 +1,8 @@
+PACKAGING_COMMAND='pkg'
+CC='/usr/bin/clang'
+CCACHE='/usr/local/bin/ccache'
+MAKE='/usr/local/bin/gmake'
+NINJA='/usr/local/bin/ninja'
+PYTHON='/usr/local/bin/python3'
+PIP3='/usr/local/bin/pip-3.7'
+PKGS='augeas avahi bash-completion ca_root_nss ccache cppi curl cyrus-sasl dbus diffutils diskscrub dnsmasq fusefs-libs gettext git glib gmake gnugrep gnutls gsed libpcap libpciaccess libssh libssh2 libxml2 libxslt meson ninja perl5 pkgconf polkit py37-docutils py37-flake8 python3 qemu radvd readline yajl'
--- a/ci/cirrus/libvirt-freebsd-12.vars
+++ b/ci/cirrus/libvirt-freebsd-12.vars
@@ -1,9 +0,0 @@
-PACKAGING_COMMAND='pkg'
-CC='/usr/bin/clang'
-CCACHE='/usr/local/bin/ccache'
-MAKE='/usr/local/bin/gmake'
-NINJA='/usr/local/bin/ninja'
-PYTHON='/usr/local/bin/python3'
-PIP='/usr/local/bin/pip-3.7'
-PKGS='augeas autoconf automake avahi bash bash-completion ca_root_nss ccache chrony cppi curl cyrus-sasl dbus diskscrub dnsmasq fusefs-libs gdb gettext gettext-tools git glib gmake gnutls hal libpcap libpciaccess libssh libssh2 libtool libxml2 libxslt lsof ncurses ninja p5-App-cpanminus patch perl5 pkgconf polkit py37-docutils py37-flake8 py37-pip py37-setuptools py37-wheel python3 qemu-utils radvd readline screen sudo vim yajl'
-PYPI_PKGS='meson==0.54.0'
--- a/ci/cirrus/libvirt-macos-1015.vars
+++ b/ci/cirrus/libvirt-macos-1015.vars
@@ -1,9 +0,0 @@
-PACKAGING_COMMAND='brew'
-CC='/usr/bin/clang'
-CCACHE='/usr/local/bin/ccache'
-MAKE='/usr/local/bin/gmake'
-NINJA='/usr/local/bin/ninja'
-PYTHON='/usr/local/bin/python3'
-PIP='/usr/local/bin/pip3'
-PKGS='augeas autoconf automake bash bash-completion ccache cpanminus cppi curl dbus dnsmasq docutils flake8 gdb gettext git glib gnutls gpatch libiscsi libpcap libssh libssh2 libtool libxml2 libxslt lsof make ncurses ninja perl pkg-config python3 qemu readline rpcgen screen scrub vim xz yajl'
-PYPI_PKGS='meson==0.54.0'
--- a/ci/cirrus/macos-11.vars
+++ b/ci/cirrus/macos-11.vars
@@ -0,0 +1,8 @@
+PACKAGING_COMMAND='brew'
+CC='/usr/bin/clang'
+CCACHE='/usr/local/bin/ccache'
+MAKE='/usr/local/bin/gmake'
+NINJA='/usr/local/bin/ninja'
+PYTHON='/usr/local/bin/python3'
+PIP3='/usr/local/bin/pip3'
+PKGS='augeas bash-completion ccache cppi curl dbus diffutils dnsmasq docutils flake8 gettext git glib gnu-sed gnutls grep libiscsi libpcap libssh libssh2 libxml2 libxslt make meson ninja perl pkg-config python3 qemu readline rpcgen scrub yajl'
--- a/ci/cirrus/refresh
+++ b/ci/cirrus/refresh
@@ -1,22 +0,0 @@
-#!/bin/sh
-
-if test -z "$1"
-then
-    echo "syntax: $0 PATH-TO-LCITOOL"
-    exit 1
-fi
-
-LCITOOL=$1
-
-if ! test -x "$LCITOOL"
-then
-    echo "$LCITOOL is not executable"
-    exit 1
-fi
-
-HOSTS=$($LCITOOL hosts | grep -E 'freebsd-12|macos')
-
-for host in $HOSTS
-do
-    $LCITOOL variables "$host" libvirt >"$host.vars"
-done
--- a/ci/containers/README.rst
+++ b/ci/containers/README.rst
@@ -12,3 +12,25 @@ https://gitlab.com/libvirt/libvirt-ci
 The containers are built during the CI process and cached in the GitLab
 container registry of the project doing the build. The cached containers
 can be deleted at any time and will be correctly rebuilt.
+
+
+Coverity scan integration
+=========================
+
+This will be used only by the main repository for master branch by running
+scheduled pipeline in GitLab.
+
+The service is proved by `Coverity Scan`_ and requires that the project is
+registered there to get free coverity analysis which we already have for
+`libvirt project`_.
+
+To run the coverity job it requires two new variables:
+
+  * ``COVERITY_SCAN_PROJECT_NAME``, containing the `libvirt project`_
+    name.
+
+  * ``COVERITY_SCAN_TOKEN``, token visible to admins of `libvirt project`_
+
+
+.. _Coverity Scan: https://scan.coverity.com/
+.. _libvirt project: https://scan.coverity.com/projects/libvirt
--- a/ci/containers/libvirt-centos-7.Dockerfile
+++ b/ci/containers/libvirt-centos-7.Dockerfile
@@ -1,6 +1,13 @@
-FROM centos:7
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile centos-7 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/centos:7

-RUN echo -e '[openvz]\n\
+RUN yum update -y && \
+    echo 'skip_missing_names_on_install=0' >> /etc/yum.conf && \
+    echo -e '[openvz]\n\
 name=OpenVZ addons\n\
 baseurl=https://download.openvz.org/virtuozzo/releases/openvz-7.0.11-235/x86_64/os/\n\
 enabled=1\n\
@@ -31,37 +38,35 @@ WEiJKtQrZDJloqtyi/mmRa1VsV7RYR0VPJjhK/R8EQ7Ysshy\n\
 -----END PGP PUBLIC KEY BLOCK-----' > /etc/pki/rpm-gpg/RPM-GPG-KEY-OpenVZ && \
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-OpenVZ && \
    yum install -y epel-release && \
-    yum update -y && \
+    yum install -y centos-release-xen-48 && \
    yum install -y \
        audit-libs-devel \
        augeas \
-        autoconf \
-        automake \
        avahi-devel \
-        bash \
        bash-completion \
        ca-certificates \
        ccache \
-        chrony \
        clang \
        cyrus-sasl-devel \
        dbus-devel \
        device-mapper-devel \
+        diffutils \
        dnsmasq \
        dwarves \
        ebtables \
+        firewalld-filesystem \
        fuse-devel \
        gcc \
-        gdb \
        gettext \
-        gettext-devel \
        git \
        glib2-devel \
        glibc-common \
        glibc-devel \
        glusterfs-api-devel \
        gnutls-devel \
+        grep \
        iproute \
+        iptables \
        iscsi-initiator-utils \
        kmod \
        libacl-devel \
@@ -79,16 +84,13 @@ WEiJKtQrZDJloqtyi/mmRa1VsV7RYR0VPJjhK/R8EQ7Ysshy\n\
        libssh-devel \
        libssh2-devel \
        libtirpc-devel \
-        libtool \
        libudev-devel \
        libwsman-devel \
        libxml2 \
        libxml2-devel \
        libxslt \
-        lsof \
        lvm2 \
        make \
-        net-tools \
        netcf-devel \
        nfs-utils \
        ninja-build \
@@ -96,9 +98,7 @@ WEiJKtQrZDJloqtyi/mmRa1VsV7RYR0VPJjhK/R8EQ7Ysshy\n\
        numad \
        parted \
        parted-devel \
-        patch \
        perl \
-        perl-App-cpanminus \
        pkgconfig \
        polkit \
        python3 \
@@ -111,29 +111,25 @@ WEiJKtQrZDJloqtyi/mmRa1VsV7RYR0VPJjhK/R8EQ7Ysshy\n\
        readline-devel \
        rpm-build \
        sanlock-devel \
-        screen \
        scrub \
-        strace \
-        sudo \
+        sed \
        systemtap-sdt-devel \
-        vim \
        wireshark-devel \
+        xen-devel \
        xfsprogs-devel \
-        xz \
        yajl-devel && \
    yum autoremove -y && \
    yum clean all -y && \
+    rpm -qa | sort > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja-build"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
--- a/ci/containers/libvirt-centos-stream.Dockerfile
+++ b/ci/containers/libvirt-centos-stream.Dockerfile
@@ -1,41 +1,44 @@
-FROM centos:8
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile centos-8 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/centos:8

-RUN dnf install -y centos-release-stream && \
+RUN dnf update -y && \
    dnf install 'dnf-command(config-manager)' -y && \
-    dnf config-manager --set-enabled -y Stream-PowerTools && \
+    dnf config-manager --set-enabled -y powertools && \
+    dnf install -y centos-release-advanced-virtualization && \
    dnf install -y epel-release && \
-    dnf update -y && \
    dnf install -y \
        audit-libs-devel \
        augeas \
-        autoconf \
-        automake \
        avahi-devel \
-        bash \
        bash-completion \
        ca-certificates \
        ccache \
-        chrony \
        clang \
        cyrus-sasl-devel \
        dbus-devel \
        device-mapper-devel \
+        diffutils \
        dnsmasq \
        dwarves \
        ebtables \
+        firewalld-filesystem \
        fuse-devel \
        gcc \
-        gdb \
        gettext \
-        gettext-devel \
        git \
        glib2-devel \
        glibc-devel \
        glibc-langpack-en \
        glusterfs-api-devel \
        gnutls-devel \
+        grep \
        iproute \
        iproute-tc \
+        iptables \
        iscsi-initiator-utils \
        kmod \
        libacl-devel \
@@ -52,16 +55,13 @@ RUN dnf install -y centos-release-stream && \
        libssh-devel \
        libssh2-devel \
        libtirpc-devel \
-        libtool \
        libudev-devel \
        libwsman-devel \
        libxml2 \
        libxml2-devel \
        libxslt \
-        lsof \
        lvm2 \
        make \
-        net-tools \
        netcf-devel \
        nfs-utils \
        ninja-build \
@@ -69,9 +69,7 @@ RUN dnf install -y centos-release-stream && \
        numad \
        parted \
        parted-devel \
-        patch \
        perl \
-        perl-App-cpanminus \
        pkgconfig \
        polkit \
        python3 \
@@ -86,29 +84,24 @@ RUN dnf install -y centos-release-stream && \
        rpcgen \
        rpm-build \
        sanlock-devel \
-        screen \
        scrub \
-        strace \
-        sudo \
+        sed \
        systemtap-sdt-devel \
-        vim \
        wireshark-devel \
        xfsprogs-devel \
-        xz \
        yajl-devel && \
    dnf autoremove -y && \
    dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
--- a/ci/containers/libvirt-centos-8.Dockerfile
+++ b/ci/containers/libvirt-centos-8.Dockerfile
@@ -1,40 +1,46 @@
-FROM centos:8
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile centos-stream libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/centos:8

-RUN dnf install 'dnf-command(config-manager)' -y && \
-    dnf config-manager --set-enabled -y PowerTools && \
-    dnf install -y epel-release && \
+RUN dnf install -y centos-release-stream && \
+    dnf install -y centos-stream-release && \
    dnf update -y && \
+    dnf install 'dnf-command(config-manager)' -y && \
+    dnf config-manager --set-enabled -y powertools && \
+    dnf install -y centos-release-advanced-virtualization && \
+    dnf install -y epel-release && \
    dnf install -y \
        audit-libs-devel \
        augeas \
-        autoconf \
-        automake \
        avahi-devel \
-        bash \
        bash-completion \
        ca-certificates \
        ccache \
-        chrony \
        clang \
        cyrus-sasl-devel \
        dbus-devel \
        device-mapper-devel \
+        diffutils \
        dnsmasq \
        dwarves \
        ebtables \
+        firewalld-filesystem \
        fuse-devel \
        gcc \
-        gdb \
        gettext \
-        gettext-devel \
        git \
        glib2-devel \
        glibc-devel \
        glibc-langpack-en \
        glusterfs-api-devel \
        gnutls-devel \
+        grep \
        iproute \
        iproute-tc \
+        iptables \
        iscsi-initiator-utils \
        kmod \
        libacl-devel \
@@ -51,16 +57,13 @@ RUN dnf install 'dnf-command(config-manager)' -y && \
        libssh-devel \
        libssh2-devel \
        libtirpc-devel \
-        libtool \
        libudev-devel \
        libwsman-devel \
        libxml2 \
        libxml2-devel \
        libxslt \
-        lsof \
        lvm2 \
        make \
-        net-tools \
        netcf-devel \
        nfs-utils \
        ninja-build \
@@ -68,9 +71,7 @@ RUN dnf install 'dnf-command(config-manager)' -y && \
        numad \
        parted \
        parted-devel \
-        patch \
        perl \
-        perl-App-cpanminus \
        pkgconfig \
        polkit \
        python3 \
@@ -85,29 +86,24 @@ RUN dnf install 'dnf-command(config-manager)' -y && \
        rpcgen \
        rpm-build \
        sanlock-devel \
-        screen \
        scrub \
-        strace \
-        sudo \
+        sed \
        systemtap-sdt-devel \
-        vim \
        wireshark-devel \
        xfsprogs-devel \
-        xz \
        yajl-devel && \
    dnf autoremove -y && \
    dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
--- a/ci/containers/libvirt-debian-10-cross-aarch64.Dockerfile
+++ b/ci/containers/libvirt-debian-10-cross-aarch64.Dockerfile
@@ -1,46 +1,43 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross aarch64 debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:10-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
@@ -51,28 +48,25 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture arm64 && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-aarch64-linux-gnu \
            libacl1-dev:arm64 \
            libapparmor-dev:arm64 \
@@ -108,9 +102,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libxen-dev:arm64 \
            libxml2-dev:arm64 \
            libyajl-dev:arm64 \
+            systemtap-sdt-dev:arm64 \
            xfslibs-dev:arm64 && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/aarch64-linux-gnu-gcc'\n\
@@ -125,16 +120,13 @@ cpu = 'aarch64'\n\
 endian = 'little'" > /usr/local/share/meson/cross/aarch64-linux-gnu

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "aarch64-linux-gnu"
-ENV CONFIGURE_OPTS "--host=aarch64-linux-gnu"
 ENV MESON_OPTS "--cross-file=aarch64-linux-gnu"
--- a/ci/containers/libvirt-debian-10-cross-armv6l.Dockerfile
+++ b/ci/containers/libvirt-debian-10-cross-armv6l.Dockerfile
@@ -1,46 +1,43 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross armv6l debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:10-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
@@ -51,28 +48,25 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture armel && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-arm-linux-gnueabi \
            libacl1-dev:armel \
            libapparmor-dev:armel \
@@ -107,9 +101,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libudev-dev:armel \
            libxml2-dev:armel \
            libyajl-dev:armel \
+            systemtap-sdt-dev:armel \
            xfslibs-dev:armel && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabi-gcc'\n\
@@ -124,16 +119,13 @@ cpu = 'arm'\n\
 endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabi

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "arm-linux-gnueabi"
-ENV CONFIGURE_OPTS "--host=arm-linux-gnueabi"
 ENV MESON_OPTS "--cross-file=arm-linux-gnueabi"
--- a/ci/containers/libvirt-debian-10-cross-armv7l.Dockerfile
+++ b/ci/containers/libvirt-debian-10-cross-armv7l.Dockerfile
@@ -1,46 +1,43 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross armv7l debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:10-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
@@ -51,28 +48,25 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture armhf && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-arm-linux-gnueabihf \
            libacl1-dev:armhf \
            libapparmor-dev:armhf \
@@ -108,9 +102,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libxen-dev:armhf \
            libxml2-dev:armhf \
            libyajl-dev:armhf \
+            systemtap-sdt-dev:armhf \
            xfslibs-dev:armhf && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabihf-gcc'\n\
@@ -125,16 +120,13 @@ cpu = 'armhf'\n\
 endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabihf

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "arm-linux-gnueabihf"
-ENV CONFIGURE_OPTS "--host=arm-linux-gnueabihf"
 ENV MESON_OPTS "--cross-file=arm-linux-gnueabihf"
--- a/ci/containers/libvirt-debian-10-cross-i686.Dockerfile
+++ b/ci/containers/libvirt-debian-10-cross-i686.Dockerfile
@@ -1,46 +1,43 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross i686 debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:10-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
@@ -51,28 +48,25 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture i386 && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-i686-linux-gnu \
            libacl1-dev:i386 \
            libapparmor-dev:i386 \
@@ -107,9 +101,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libudev-dev:i386 \
            libxml2-dev:i386 \
            libyajl-dev:i386 \
+            systemtap-sdt-dev:i386 \
            xfslibs-dev:i386 && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/i686-linux-gnu-gcc'\n\
@@ -124,16 +119,13 @@ cpu = 'i686'\n\
 endian = 'little'" > /usr/local/share/meson/cross/i686-linux-gnu

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "i686-linux-gnu"
-ENV CONFIGURE_OPTS "--host=i686-linux-gnu"
 ENV MESON_OPTS "--cross-file=i686-linux-gnu"
--- a/ci/containers/libvirt-debian-10-cross-mips.Dockerfile
+++ b/ci/containers/libvirt-debian-10-cross-mips.Dockerfile
@@ -1,46 +1,43 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross mips debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:10-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
@@ -51,28 +48,25 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips-linux-gnu-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips-linux-gnu-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture mips && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-mips-linux-gnu \
            libacl1-dev:mips \
            libapparmor-dev:mips \
@@ -107,9 +101,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libudev-dev:mips \
            libxml2-dev:mips \
            libyajl-dev:mips \
+            systemtap-sdt-dev:mips \
            xfslibs-dev:mips && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/mips-linux-gnu-gcc'\n\
@@ -121,19 +116,16 @@ pkgconfig = '/usr/bin/mips-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'mips'\n\
 cpu = 'mips'\n\
-endian = 'little'" > /usr/local/share/meson/cross/mips-linux-gnu
+endian = 'big'" > /usr/local/share/meson/cross/mips-linux-gnu

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "mips-linux-gnu"
-ENV CONFIGURE_OPTS "--host=mips-linux-gnu"
 ENV MESON_OPTS "--cross-file=mips-linux-gnu"
--- a/ci/containers/libvirt-debian-10-cross-mips64el.Dockerfile
+++ b/ci/containers/libvirt-debian-10-cross-mips64el.Dockerfile
@@ -1,46 +1,43 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross mips64el debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:10-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
@@ -51,28 +48,25 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture mips64el && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-mips64el-linux-gnuabi64 \
            libacl1-dev:mips64el \
            libapparmor-dev:mips64el \
@@ -107,9 +101,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libudev-dev:mips64el \
            libxml2-dev:mips64el \
            libyajl-dev:mips64el \
+            systemtap-sdt-dev:mips64el \
            xfslibs-dev:mips64el && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/mips64el-linux-gnuabi64-gcc'\n\
@@ -124,16 +119,13 @@ cpu = 'mips64el'\n\
 endian = 'little'" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "mips64el-linux-gnuabi64"
-ENV CONFIGURE_OPTS "--host=mips64el-linux-gnuabi64"
 ENV MESON_OPTS "--cross-file=mips64el-linux-gnuabi64"
--- a/ci/containers/libvirt-debian-10-cross-mipsel.Dockerfile
+++ b/ci/containers/libvirt-debian-10-cross-mipsel.Dockerfile
@@ -1,46 +1,43 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross mipsel debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:10-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
@@ -51,28 +48,25 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture mipsel && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-mipsel-linux-gnu \
            libacl1-dev:mipsel \
            libapparmor-dev:mipsel \
@@ -107,9 +101,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libudev-dev:mipsel \
            libxml2-dev:mipsel \
            libyajl-dev:mipsel \
+            systemtap-sdt-dev:mipsel \
            xfslibs-dev:mipsel && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/mipsel-linux-gnu-gcc'\n\
@@ -124,16 +119,13 @@ cpu = 'mipsel'\n\
 endian = 'little'" > /usr/local/share/meson/cross/mipsel-linux-gnu

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "mipsel-linux-gnu"
-ENV CONFIGURE_OPTS "--host=mipsel-linux-gnu"
 ENV MESON_OPTS "--cross-file=mipsel-linux-gnu"
--- a/ci/containers/libvirt-debian-10-cross-ppc64le.Dockerfile
+++ b/ci/containers/libvirt-debian-10-cross-ppc64le.Dockerfile
@@ -1,46 +1,43 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross ppc64le debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:10-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
@@ -51,28 +48,25 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture ppc64el && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-powerpc64le-linux-gnu \
            libacl1-dev:ppc64el \
            libapparmor-dev:ppc64el \
@@ -107,9 +101,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libudev-dev:ppc64el \
            libxml2-dev:ppc64el \
            libyajl-dev:ppc64el \
+            systemtap-sdt-dev:ppc64el \
            xfslibs-dev:ppc64el && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/powerpc64le-linux-gnu-gcc'\n\
@@ -124,16 +119,13 @@ cpu = 'powerpc64le'\n\
 endian = 'little'" > /usr/local/share/meson/cross/powerpc64le-linux-gnu

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "powerpc64le-linux-gnu"
-ENV CONFIGURE_OPTS "--host=powerpc64le-linux-gnu"
 ENV MESON_OPTS "--cross-file=powerpc64le-linux-gnu"
--- a/ci/containers/libvirt-debian-10-cross-s390x.Dockerfile
+++ b/ci/containers/libvirt-debian-10-cross-s390x.Dockerfile
@@ -1,46 +1,43 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross s390x debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:10-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
@@ -51,28 +48,25 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture s390x && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-s390x-linux-gnu \
            libacl1-dev:s390x \
            libapparmor-dev:s390x \
@@ -107,9 +101,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libudev-dev:s390x \
            libxml2-dev:s390x \
            libyajl-dev:s390x \
+            systemtap-sdt-dev:s390x \
            xfslibs-dev:s390x && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/s390x-linux-gnu-gcc'\n\
@@ -121,19 +116,16 @@ pkgconfig = '/usr/bin/s390x-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 's390x'\n\
 cpu = 's390x'\n\
-endian = 'little'" > /usr/local/share/meson/cross/s390x-linux-gnu
+endian = 'big'" > /usr/local/share/meson/cross/s390x-linux-gnu

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "s390x-linux-gnu"
-ENV CONFIGURE_OPTS "--host=s390x-linux-gnu"
 ENV MESON_OPTS "--cross-file=s390x-linux-gnu"
--- a/ci/containers/libvirt-debian-10.Dockerfile
+++ b/ci/containers/libvirt-debian-10.Dockerfile
@@ -1,30 +1,32 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:10-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libacl1-dev \
            libapparmor-dev \
@@ -58,24 +60,19 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libssh-gcrypt-dev \
            libssh2-1-dev \
            libtirpc-dev \
-            libtool \
-            libtool-bin \
            libudev-dev \
            libxen-dev \
            libxml2-dev \
            libxml2-utils \
            libyajl-dev \
            locales \
-            lsof \
            lvm2 \
            make \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
@@ -86,32 +83,27 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
+            sed \
            systemtap-sdt-dev \
-            vim \
            wireshark-dev \
            xfslibs-dev \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
--- a/ci/containers/libvirt-debian-sid-cross-aarch64.Dockerfile
+++ b/ci/containers/libvirt-debian-sid-cross-aarch64.Dockerfile
@@ -1,79 +1,70 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross aarch64 debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:sid-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
            meson \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
            python3 \
            python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture arm64 && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-aarch64-linux-gnu \
            libacl1-dev:arm64 \
            libapparmor-dev:arm64 \
@@ -109,9 +100,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libxen-dev:arm64 \
            libxml2-dev:arm64 \
            libyajl-dev:arm64 \
+            systemtap-sdt-dev:arm64 \
            xfslibs-dev:arm64 && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/aarch64-linux-gnu-gcc'\n\
@@ -126,13 +118,10 @@ cpu = 'aarch64'\n\
 endian = 'little'" > /usr/local/share/meson/cross/aarch64-linux-gnu

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "aarch64-linux-gnu"
-ENV CONFIGURE_OPTS "--host=aarch64-linux-gnu"
 ENV MESON_OPTS "--cross-file=aarch64-linux-gnu"
--- a/ci/containers/libvirt-debian-sid-cross-armv6l.Dockerfile
+++ b/ci/containers/libvirt-debian-sid-cross-armv6l.Dockerfile
@@ -1,79 +1,70 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross armv6l debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:sid-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
            meson \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
            python3 \
            python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture armel && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-arm-linux-gnueabi \
            libacl1-dev:armel \
            libapparmor-dev:armel \
@@ -108,9 +99,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libudev-dev:armel \
            libxml2-dev:armel \
            libyajl-dev:armel \
+            systemtap-sdt-dev:armel \
            xfslibs-dev:armel && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabi-gcc'\n\
@@ -125,13 +117,10 @@ cpu = 'arm'\n\
 endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabi

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "arm-linux-gnueabi"
-ENV CONFIGURE_OPTS "--host=arm-linux-gnueabi"
 ENV MESON_OPTS "--cross-file=arm-linux-gnueabi"
--- a/ci/containers/libvirt-debian-sid-cross-armv7l.Dockerfile
+++ b/ci/containers/libvirt-debian-sid-cross-armv7l.Dockerfile
@@ -1,79 +1,70 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross armv7l debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:sid-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
            meson \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
            python3 \
            python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture armhf && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-arm-linux-gnueabihf \
            libacl1-dev:armhf \
            libapparmor-dev:armhf \
@@ -109,9 +100,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libxen-dev:armhf \
            libxml2-dev:armhf \
            libyajl-dev:armhf \
+            systemtap-sdt-dev:armhf \
            xfslibs-dev:armhf && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabihf-gcc'\n\
@@ -126,13 +118,10 @@ cpu = 'armhf'\n\
 endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabihf

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "arm-linux-gnueabihf"
-ENV CONFIGURE_OPTS "--host=arm-linux-gnueabihf"
 ENV MESON_OPTS "--cross-file=arm-linux-gnueabihf"
--- a/ci/containers/libvirt-debian-sid-cross-i686.Dockerfile
+++ b/ci/containers/libvirt-debian-sid-cross-i686.Dockerfile
@@ -1,79 +1,70 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross i686 debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:sid-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
            meson \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
            python3 \
            python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture i386 && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-i686-linux-gnu \
            libacl1-dev:i386 \
            libapparmor-dev:i386 \
@@ -108,9 +99,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libudev-dev:i386 \
            libxml2-dev:i386 \
            libyajl-dev:i386 \
+            systemtap-sdt-dev:i386 \
            xfslibs-dev:i386 && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/i686-linux-gnu-gcc'\n\
@@ -125,13 +117,10 @@ cpu = 'i686'\n\
 endian = 'little'" > /usr/local/share/meson/cross/i686-linux-gnu

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "i686-linux-gnu"
-ENV CONFIGURE_OPTS "--host=i686-linux-gnu"
 ENV MESON_OPTS "--cross-file=i686-linux-gnu"
--- a/ci/containers/libvirt-debian-sid-cross-mips64el.Dockerfile
+++ b/ci/containers/libvirt-debian-sid-cross-mips64el.Dockerfile
@@ -1,79 +1,70 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross mips64el debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:sid-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
            meson \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
            python3 \
            python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture mips64el && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-mips64el-linux-gnuabi64 \
            libacl1-dev:mips64el \
            libapparmor-dev:mips64el \
@@ -108,9 +99,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libudev-dev:mips64el \
            libxml2-dev:mips64el \
            libyajl-dev:mips64el \
+            systemtap-sdt-dev:mips64el \
            xfslibs-dev:mips64el && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/mips64el-linux-gnuabi64-gcc'\n\
@@ -125,13 +117,10 @@ cpu = 'mips64el'\n\
 endian = 'little'" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "mips64el-linux-gnuabi64"
-ENV CONFIGURE_OPTS "--host=mips64el-linux-gnuabi64"
 ENV MESON_OPTS "--cross-file=mips64el-linux-gnuabi64"
--- a/ci/containers/libvirt-debian-sid-cross-mipsel.Dockerfile
+++ b/ci/containers/libvirt-debian-sid-cross-mipsel.Dockerfile
@@ -1,79 +1,70 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross mipsel debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:sid-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
            meson \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
            python3 \
            python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture mipsel && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-mipsel-linux-gnu \
            libacl1-dev:mipsel \
            libapparmor-dev:mipsel \
@@ -108,9 +99,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libudev-dev:mipsel \
            libxml2-dev:mipsel \
            libyajl-dev:mipsel \
+            systemtap-sdt-dev:mipsel \
            xfslibs-dev:mipsel && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/mipsel-linux-gnu-gcc'\n\
@@ -125,13 +117,10 @@ cpu = 'mipsel'\n\
 endian = 'little'" > /usr/local/share/meson/cross/mipsel-linux-gnu

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "mipsel-linux-gnu"
-ENV CONFIGURE_OPTS "--host=mipsel-linux-gnu"
 ENV MESON_OPTS "--cross-file=mipsel-linux-gnu"
--- a/ci/containers/libvirt-debian-sid-cross-ppc64le.Dockerfile
+++ b/ci/containers/libvirt-debian-sid-cross-ppc64le.Dockerfile
@@ -1,79 +1,70 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross ppc64le debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:sid-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
            meson \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
            python3 \
            python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture ppc64el && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-powerpc64le-linux-gnu \
            libacl1-dev:ppc64el \
            libapparmor-dev:ppc64el \
@@ -108,9 +99,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libudev-dev:ppc64el \
            libxml2-dev:ppc64el \
            libyajl-dev:ppc64el \
+            systemtap-sdt-dev:ppc64el \
            xfslibs-dev:ppc64el && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/powerpc64le-linux-gnu-gcc'\n\
@@ -125,13 +117,10 @@ cpu = 'powerpc64le'\n\
 endian = 'little'" > /usr/local/share/meson/cross/powerpc64le-linux-gnu

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "powerpc64le-linux-gnu"
-ENV CONFIGURE_OPTS "--host=powerpc64le-linux-gnu"
 ENV MESON_OPTS "--cross-file=powerpc64le-linux-gnu"
--- a/ci/containers/libvirt-debian-sid-cross-s390x.Dockerfile
+++ b/ci/containers/libvirt-debian-sid-cross-s390x.Dockerfile
@@ -1,79 +1,70 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross s390x debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:sid-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libc-dev-bin \
-            libtool \
-            libtool-bin \
            libxml2-utils \
            locales \
-            lsof \
            lvm2 \
            make \
            meson \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
            python3 \
            python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
-            vim \
+            sed \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-$(basename /usr/bin/gcc)

 RUN export DEBIAN_FRONTEND=noninteractive && \
    dpkg --add-architecture s390x && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
            gcc-s390x-linux-gnu \
            libacl1-dev:s390x \
            libapparmor-dev:s390x \
@@ -108,9 +99,10 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libudev-dev:s390x \
            libxml2-dev:s390x \
            libyajl-dev:s390x \
+            systemtap-sdt-dev:s390x \
            xfslibs-dev:s390x && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    mkdir -p /usr/local/share/meson/cross && \
    echo "[binaries]\n\
 c = '/usr/bin/s390x-linux-gnu-gcc'\n\
@@ -122,16 +114,13 @@ pkgconfig = '/usr/bin/s390x-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 's390x'\n\
 cpu = 's390x'\n\
-endian = 'little'" > /usr/local/share/meson/cross/s390x-linux-gnu
+endian = 'big'" > /usr/local/share/meson/cross/s390x-linux-gnu

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "s390x-linux-gnu"
-ENV CONFIGURE_OPTS "--host=s390x-linux-gnu"
 ENV MESON_OPTS "--cross-file=s390x-linux-gnu"
--- a/ci/containers/libvirt-debian-sid.Dockerfile
+++ b/ci/containers/libvirt-debian-sid.Dockerfile
@@ -1,30 +1,32 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/debian:sid-slim

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libacl1-dev \
            libapparmor-dev \
@@ -58,58 +60,45 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libssh-gcrypt-dev \
            libssh2-1-dev \
            libtirpc-dev \
-            libtool \
-            libtool-bin \
            libudev-dev \
            libxen-dev \
            libxml2-dev \
            libxml2-utils \
            libyajl-dev \
            locales \
-            lsof \
            lvm2 \
            make \
            meson \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
            python3 \
            python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
+            sed \
            systemtap-sdt-dev \
-            vim \
            wireshark-dev \
            xfslibs-dev \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
--- a/ci/containers/libvirt-fedora-32.Dockerfile
+++ b/ci/containers/libvirt-fedora-32.Dockerfile
@@ -1,38 +1,51 @@
-FROM fedora:32
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile fedora-32 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM registry.fedoraproject.org/fedora:32

-RUN dnf update -y && \
-    dnf install -y \
+RUN dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf update -y && \
+    nosync dnf install -y \
        audit-libs-devel \
        augeas \
-        autoconf \
-        automake \
        avahi-devel \
-        bash \
        bash-completion \
        ca-certificates \
        ccache \
-        chrony \
        clang \
        cppi \
        cyrus-sasl-devel \
        dbus-devel \
        device-mapper-devel \
+        diffutils \
        dnsmasq \
        dwarves \
        ebtables \
+        firewalld-filesystem \
        fuse-devel \
        gcc \
-        gdb \
        gettext \
-        gettext-devel \
        git \
        glib2-devel \
        glibc-devel \
        glibc-langpack-en \
        glusterfs-api-devel \
        gnutls-devel \
+        grep \
        iproute \
        iproute-tc \
+        iptables \
        iscsi-initiator-utils \
        kmod \
        libacl-devel \
@@ -49,17 +62,14 @@ RUN dnf update -y && \
        libssh-devel \
        libssh2-devel \
        libtirpc-devel \
-        libtool \
        libudev-devel \
        libwsman-devel \
        libxml2 \
        libxml2-devel \
        libxslt \
-        lsof \
        lvm2 \
        make \
        meson \
-        net-tools \
        netcf-devel \
        nfs-utils \
        ninja-build \
@@ -67,46 +77,36 @@ RUN dnf update -y && \
        numad \
        parted \
        parted-devel \
-        patch \
        perl \
-        perl-App-cpanminus \
        pkgconfig \
        polkit \
        python3 \
        python3-docutils \
        python3-flake8 \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
        qemu-img \
        radvd \
        readline-devel \
        rpcgen \
        rpm-build \
        sanlock-devel \
-        screen \
        scrub \
+        sed \
        sheepdog \
-        strace \
-        sudo \
        systemtap-sdt-devel \
-        vim \
        wireshark-devel \
        xen-devel \
        xfsprogs-devel \
-        xz \
        yajl-devel \
        zfs-fuse && \
-    dnf autoremove -y && \
-    dnf clean all -y && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
--- a/ci/containers/libvirt-fedora-31.Dockerfile
+++ b/ci/containers/libvirt-fedora-31.Dockerfile
@@ -1,38 +1,51 @@
-FROM fedora:31
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile fedora-33 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM registry.fedoraproject.org/fedora:33

-RUN dnf update -y && \
-    dnf install -y \
+RUN dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf update -y && \
+    nosync dnf install -y \
        audit-libs-devel \
        augeas \
-        autoconf \
-        automake \
        avahi-devel \
-        bash \
        bash-completion \
        ca-certificates \
        ccache \
-        chrony \
        clang \
        cppi \
        cyrus-sasl-devel \
        dbus-devel \
        device-mapper-devel \
+        diffutils \
        dnsmasq \
        dwarves \
        ebtables \
+        firewalld-filesystem \
        fuse-devel \
        gcc \
-        gdb \
        gettext \
-        gettext-devel \
        git \
        glib2-devel \
        glibc-devel \
        glibc-langpack-en \
        glusterfs-api-devel \
        gnutls-devel \
+        grep \
        iproute \
        iproute-tc \
+        iptables \
        iscsi-initiator-utils \
        kmod \
        libacl-devel \
@@ -49,16 +62,14 @@ RUN dnf update -y && \
        libssh-devel \
        libssh2-devel \
        libtirpc-devel \
-        libtool \
        libudev-devel \
        libwsman-devel \
        libxml2 \
        libxml2-devel \
        libxslt \
-        lsof \
        lvm2 \
        make \
-        net-tools \
+        meson \
        netcf-devel \
        nfs-utils \
        ninja-build \
@@ -66,49 +77,36 @@ RUN dnf update -y && \
        numad \
        parted \
        parted-devel \
-        patch \
        perl \
-        perl-App-cpanminus \
        pkgconfig \
        polkit \
        python3 \
        python3-docutils \
        python3-flake8 \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
        qemu-img \
        radvd \
        readline-devel \
        rpcgen \
        rpm-build \
        sanlock-devel \
-        screen \
        scrub \
+        sed \
        sheepdog \
-        strace \
-        sudo \
        systemtap-sdt-devel \
-        vim \
        wireshark-devel \
        xen-devel \
        xfsprogs-devel \
-        xz \
        yajl-devel \
        zfs-fuse && \
-    dnf autoremove -y && \
-    dnf clean all -y && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)

-RUN pip3 install \
-         meson==0.54.0
-
 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
--- a/ci/containers/libvirt-fedora-rawhide-cross-mingw32.Dockerfile
+++ b/ci/containers/libvirt-fedora-rawhide-cross-mingw32.Dockerfile
@@ -1,72 +1,71 @@
-FROM fedora:rawhide
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross mingw32 fedora-rawhide libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM registry.fedoraproject.org/fedora:rawhide

 RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
-    dnf update -y && \
-    dnf install -y \
+    dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf update -y && \
+    nosync dnf install -y \
        augeas \
-        autoconf \
-        automake \
-        bash \
        bash-completion \
        ca-certificates \
        ccache \
-        chrony \
-        clang \
        cppi \
+        diffutils \
        dnsmasq \
        dwarves \
        ebtables \
-        gcc \
-        gdb \
-        gettext-devel \
+        firewalld-filesystem \
        git \
        glibc-langpack-en \
+        grep \
        iproute \
        iproute-tc \
+        iptables \
        iscsi-initiator-utils \
        kmod \
-        libtool \
-        libwsman-devel \
        libxml2 \
        libxslt \
-        lsof \
        lvm2 \
        make \
        meson \
-        net-tools \
        nfs-utils \
        ninja-build \
        numad \
        parted \
-        patch \
        perl \
-        perl-App-cpanminus \
        polkit \
        python3 \
        python3-docutils \
        python3-flake8 \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
        qemu-img \
        radvd \
        rpcgen \
        rpm-build \
-        screen \
        scrub \
+        sed \
        sheepdog \
-        strace \
-        sudo \
-        vim \
-        xz \
        zfs-fuse && \
-    dnf autoremove -y && \
-    dnf clean all -y && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-w64-mingw32-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-w64-mingw32-$(basename /usr/bin/gcc)

-RUN dnf install -y \
+RUN nosync dnf install -y \
        mingw32-curl \
        mingw32-dbus \
        mingw32-dlfcn \
@@ -80,16 +79,13 @@ RUN dnf install -y \
        mingw32-pkg-config \
        mingw32-portablexdr \
        mingw32-readline && \
-    dnf clean all -y
+    nosync dnf clean all -y

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "i686-w64-mingw32"
-ENV CONFIGURE_OPTS "--host=i686-w64-mingw32"
 ENV MESON_OPTS "--cross-file=/usr/share/mingw/toolchain-mingw32.meson"
--- a/ci/containers/libvirt-fedora-rawhide-cross-mingw64.Dockerfile
+++ b/ci/containers/libvirt-fedora-rawhide-cross-mingw64.Dockerfile
@@ -1,72 +1,71 @@
-FROM fedora:rawhide
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross mingw64 fedora-rawhide libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM registry.fedoraproject.org/fedora:rawhide

 RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
-    dnf update -y && \
-    dnf install -y \
+    dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf update -y && \
+    nosync dnf install -y \
        augeas \
-        autoconf \
-        automake \
-        bash \
        bash-completion \
        ca-certificates \
        ccache \
-        chrony \
-        clang \
        cppi \
+        diffutils \
        dnsmasq \
        dwarves \
        ebtables \
-        gcc \
-        gdb \
-        gettext-devel \
+        firewalld-filesystem \
        git \
        glibc-langpack-en \
+        grep \
        iproute \
        iproute-tc \
+        iptables \
        iscsi-initiator-utils \
        kmod \
-        libtool \
-        libwsman-devel \
        libxml2 \
        libxslt \
-        lsof \
        lvm2 \
        make \
        meson \
-        net-tools \
        nfs-utils \
        ninja-build \
        numad \
        parted \
-        patch \
        perl \
-        perl-App-cpanminus \
        polkit \
        python3 \
        python3-docutils \
        python3-flake8 \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
        qemu-img \
        radvd \
        rpcgen \
        rpm-build \
-        screen \
        scrub \
+        sed \
        sheepdog \
-        strace \
-        sudo \
-        vim \
-        xz \
        zfs-fuse && \
-    dnf autoremove -y && \
-    dnf clean all -y && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/x86_64-w64-mingw32-cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/x86_64-w64-mingw32-$(basename /usr/bin/gcc)

-RUN dnf install -y \
+RUN nosync dnf install -y \
        mingw64-curl \
        mingw64-dbus \
        mingw64-dlfcn \
@@ -80,16 +79,13 @@ RUN dnf install -y \
        mingw64-pkg-config \
        mingw64-portablexdr \
        mingw64-readline && \
-    dnf clean all -y
+    nosync dnf clean all -y

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

 ENV ABI "x86_64-w64-mingw32"
-ENV CONFIGURE_OPTS "--host=x86_64-w64-mingw32"
 ENV MESON_OPTS "--cross-file=/usr/share/mingw/toolchain-mingw64.meson"
--- a/ci/containers/libvirt-fedora-rawhide.Dockerfile
+++ b/ci/containers/libvirt-fedora-rawhide.Dockerfile
@@ -1,39 +1,52 @@
-FROM fedora:rawhide
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile fedora-rawhide libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM registry.fedoraproject.org/fedora:rawhide

 RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
-    dnf update -y && \
-    dnf install -y \
+    dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf update -y && \
+    nosync dnf install -y \
        audit-libs-devel \
        augeas \
-        autoconf \
-        automake \
        avahi-devel \
-        bash \
        bash-completion \
        ca-certificates \
        ccache \
-        chrony \
        clang \
        cppi \
        cyrus-sasl-devel \
        dbus-devel \
        device-mapper-devel \
+        diffutils \
        dnsmasq \
        dwarves \
        ebtables \
+        firewalld-filesystem \
        fuse-devel \
        gcc \
-        gdb \
        gettext \
-        gettext-devel \
        git \
        glib2-devel \
        glibc-devel \
        glibc-langpack-en \
        glusterfs-api-devel \
        gnutls-devel \
+        grep \
        iproute \
        iproute-tc \
+        iptables \
        iscsi-initiator-utils \
        kmod \
        libacl-devel \
@@ -50,17 +63,14 @@ RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
        libssh-devel \
        libssh2-devel \
        libtirpc-devel \
-        libtool \
        libudev-devel \
        libwsman-devel \
        libxml2 \
        libxml2-devel \
        libxslt \
-        lsof \
        lvm2 \
        make \
        meson \
-        net-tools \
        netcf-devel \
        nfs-utils \
        ninja-build \
@@ -68,46 +78,36 @@ RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
        numad \
        parted \
        parted-devel \
-        patch \
        perl \
-        perl-App-cpanminus \
        pkgconfig \
        polkit \
        python3 \
        python3-docutils \
        python3-flake8 \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
        qemu-img \
        radvd \
        readline-devel \
        rpcgen \
        rpm-build \
        sanlock-devel \
-        screen \
        scrub \
+        sed \
        sheepdog \
-        strace \
-        sudo \
        systemtap-sdt-devel \
-        vim \
        wireshark-devel \
        xen-devel \
        xfsprogs-devel \
-        xz \
        yajl-devel \
        zfs-fuse && \
-    dnf autoremove -y && \
-    dnf clean all -y && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
--- a/ci/containers/libvirt-opensuse-151.Dockerfile
+++ b/ci/containers/libvirt-opensuse-151.Dockerfile
@@ -1,37 +1,39 @@
-FROM opensuse/leap:15.1
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile opensuse-152 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM registry.opensuse.org/opensuse/leap:15.2

 RUN zypper update -y && \
    zypper install -y \
           audit-devel \
           augeas \
           augeas-lenses \
-           autoconf \
-           automake \
           avahi-devel \
-           bash \
           bash-completion \
           ca-certificates \
           ccache \
-           chrony \
           clang \
           cppi \
           cyrus-sasl-devel \
           dbus-1-devel \
           device-mapper-devel \
+           diffutils \
           dnsmasq \
           dwarves \
           ebtables \
           fuse-devel \
           gcc \
-           gdb \
-           gettext \
-           gettext-devel \
+           gettext-runtime \
           git \
           glib2-devel \
           glibc-devel \
           glibc-locale \
           glusterfs-devel \
+           grep \
           iproute2 \
+           iptables \
           kmod \
           libacl-devel \
           libapparmor-devel \
@@ -50,29 +52,24 @@ RUN zypper update -y && \
           libssh-devel \
           libssh2-devel \
           libtirpc-devel \
-           libtool \
           libudev-devel \
           libwsman-devel \
           libxml2 \
           libxml2-devel \
           libxslt \
           libyajl-devel \
-           lsof \
           lvm2 \
           make \
-           net-tools \
           nfs-utils \
           ninja \
           numad \
           open-iscsi \
           parted \
           parted-devel \
-           patch \
           perl \
-           perl-App-cpanminus \
           pkgconfig \
           polkit \
-           python3 \
+           python3-base \
           python3-docutils \
           python3-flake8 \
           python3-pip \
@@ -84,28 +81,23 @@ RUN zypper update -y && \
           rpcgen \
           rpm-build \
           sanlock-devel \
-           screen \
           scrub \
-           strace \
-           sudo \
+           sed \
           systemtap-sdt-devel \
-           vim \
           wireshark-devel \
           xen-devel \
-           xfsprogs-devel \
-           xz && \
+           xfsprogs-devel && \
    zypper clean --all && \
+    rpm -qa | sort > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
--- a/ci/containers/refresh
+++ b/ci/containers/refresh
@@ -1,42 +0,0 @@
-#!/bin/sh
-
-if test -z "$1"
-then
-    echo "syntax: $0 PATH-TO-LCITOOL"
-    exit 1
-fi
-
-LCITOOL=$1
-
-if ! test -x "$LCITOOL"
-then
-    echo "$LCITOOL is not executable"
-    exit 1
-fi
-
-HOSTS=$($LCITOOL hosts | grep -Ev 'freebsd|macos')
-
-for host in $HOSTS
-do
-    case "$host" in
-    libvirt-fedora-rawhide)
-        for cross in mingw32 mingw64
-        do
-            $LCITOOL dockerfile $host libvirt --cross $cross >$host-cross-$cross.Dockerfile
-        done
-        ;;
-    libvirt-debian-*)
-        for cross in aarch64 armv6l armv7l i686 mips mips64el mipsel ppc64le s390x
-        do
-            if test "$host-cross-$cross" = "libvirt-debian-9-cross-i686" ||
-               test "$host-cross-$cross" = "libvirt-debian-sid-cross-mips"
-            then
-                continue
-            fi
-            $LCITOOL dockerfile $host libvirt --cross $cross >$host-cross-$cross.Dockerfile
-        done
-        ;;
-    esac
-
-    $LCITOOL dockerfile $host libvirt >$host.Dockerfile
-done
--- a/ci/containers/libvirt-ubuntu-1804.Dockerfile
+++ b/ci/containers/libvirt-ubuntu-1804.Dockerfile
@@ -1,31 +1,33 @@
-FROM ubuntu:18.04
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile ubuntu-1804 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/ubuntu:18.04

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
            glusterfs-common \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libacl1-dev \
            libapparmor-dev \
@@ -59,24 +61,19 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libssh-dev \
            libssh2-1-dev \
            libtirpc-dev \
-            libtool \
-            libtool-bin \
            libudev-dev \
            libxen-dev \
            libxml2-dev \
            libxml2-utils \
            libyajl-dev \
            locales \
-            lsof \
            lvm2 \
            make \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
@@ -87,33 +84,28 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
+            sed \
            sheepdog \
-            strace \
-            sudo \
            systemtap-sdt-dev \
-            vim \
            wireshark-dev \
            xfslibs-dev \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
--- a/ci/containers/libvirt-ubuntu-2004.Dockerfile
+++ b/ci/containers/libvirt-ubuntu-2004.Dockerfile
@@ -1,30 +1,32 @@
-FROM ubuntu:20.04
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile ubuntu-2004 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/ceb381dce7c901e180a621951355800d8135ce82
+FROM docker.io/library/ubuntu:20.04

 RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
            augeas-lenses \
            augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
            bash-completion \
            ca-certificates \
            ccache \
-            chrony \
            clang \
-            cpanminus \
+            diffutils \
            dnsmasq-base \
            dwarves \
            ebtables \
            flake8 \
            gcc \
-            gdb \
            gettext \
            git \
+            grep \
            iproute2 \
+            iptables \
            kmod \
            libacl1-dev \
            libapparmor-dev \
@@ -59,24 +61,19 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            libssh-dev \
            libssh2-1-dev \
            libtirpc-dev \
-            libtool \
-            libtool-bin \
            libudev-dev \
            libxen-dev \
            libxml2-dev \
            libxml2-utils \
            libyajl-dev \
            locales \
-            lsof \
            lvm2 \
            make \
-            net-tools \
            nfs-common \
            ninja-build \
            numad \
            open-iscsi \
            parted \
-            patch \
            perl \
            pkgconf \
            policykit-1 \
@@ -87,32 +84,27 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
            python3-wheel \
            qemu-utils \
            radvd \
-            screen \
            scrub \
-            strace \
-            sudo \
+            sed \
            systemtap-sdt-dev \
-            vim \
            wireshark-dev \
            xfslibs-dev \
            xsltproc \
-            xz-utils \
            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)

 RUN pip3 install \
-         meson==0.54.0
+         meson==0.55.3

 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
--- a/ci/helper
+++ b/ci/helper
@@ -0,0 +1,343 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 Red Hat, Inc.
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+import argparse
+import os
+import pathlib
+import pty
+import shutil
+import subprocess
+import sys
+import textwrap
+
+import util
+
+
+class Parser:
+    def __init__(self):
+        # Options that are common to all actions that use containers
+        containerparser = argparse.ArgumentParser(add_help=False)
+        containerparser.add_argument(
+            "target",
+            help="perform action on target OS",
+        )
+        containerparser.add_argument(
+            "--engine",
+            choices=["auto", "podman", "docker"],
+            default="auto",
+            help="container engine to use",
+        )
+        containerparser.add_argument(
+            "--login",
+            default=os.getlogin(),  # exempt from syntax-check
+            help="login to use inside the container",
+        )
+        containerparser.add_argument(
+            "--image-prefix",
+            default="registry.gitlab.com/libvirt/libvirt/ci-",
+            help="use container images from non-default location",
+        )
+        containerparser.add_argument(
+            "--image-tag",
+            default=":latest",
+            help="use container images with non-default tags",
+        )
+
+        # Options that are common to all actions that call the
+        # project's build system
+        mesonparser = argparse.ArgumentParser(add_help=False)
+        mesonparser.add_argument(
+            "--meson-args",
+            default="",
+            help="additional arguments passed to meson "
+                 "(eg --meson-args='-Dopt1=enabled -Dopt2=disabled')",
+        )
+        mesonparser.add_argument(
+            "--ninja-args",
+            default="",
+            help="additional arguments passed to ninja",
+        )
+
+        # Options that are common to all actions that use lcitool
+        lcitoolparser = argparse.ArgumentParser(add_help=False)
+        lcitoolparser.add_argument(
+            "--lcitool",
+            metavar="PATH",
+            default="lcitool",
+            help="path to lcitool binary",
+        )
+
+        # Options that are common to actions communicating with a GitLab
+        # instance
+        gitlabparser = argparse.ArgumentParser(add_help=False)
+        gitlabparser.add_argument(
+            "--namespace",
+            default="libvirt/libvirt",
+            help="GitLab project namespace"
+        )
+        gitlabparser.add_argument(
+            "--gitlab-uri",
+            default="https://gitlab.com",
+            help="base GitLab URI"
+        )
+
+        # Main parser
+        self._parser = argparse.ArgumentParser()
+        subparsers = self._parser.add_subparsers(
+            dest="action",
+            metavar="ACTION",
+        )
+        subparsers.required = True
+
+        # build action
+        buildparser = subparsers.add_parser(
+            "build",
+            help="run a build in a container",
+            parents=[containerparser, mesonparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        buildparser.set_defaults(func=Application._action_build)
+
+        # test action
+        testparser = subparsers.add_parser(
+            "test",
+            help="run a build in a container (including tests)",
+            parents=[containerparser, mesonparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        testparser.set_defaults(func=Application._action_test)
+
+        # shell action
+        shellparser = subparsers.add_parser(
+            "shell",
+            help="start a shell in a container",
+            parents=[containerparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        shellparser.set_defaults(func=Application._action_shell)
+
+        # list-images action
+        listimagesparser = subparsers.add_parser(
+            "list-images",
+            help="list known container images",
+            parents=[gitlabparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        listimagesparser.set_defaults(func=Application._action_list_images)
+
+        # refresh action
+        refreshparser = subparsers.add_parser(
+            "refresh",
+            help="refresh data generated with lcitool",
+            parents=[lcitoolparser, gitlabparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        refreshparser.add_argument(
+            "--quiet",
+            action="store_true",
+            default=False,
+            help="refresh data silently"
+        )
+        refreshparser.add_argument(
+            "--check-stale",
+            action="store",
+            choices=["yes", "no"],
+            default="yes",
+            help="check for existence of stale images on the GitLab instance"
+        )
+        refreshparser.set_defaults(func=Application._action_refresh)
+
+    def parse(self):
+        return self._parser.parse_args()
+
+
+class Application:
+    def __init__(self):
+        self._basedir = pathlib.Path(__file__).resolve().parent
+        self._args = Parser().parse()
+
+        if self._args.action == "refresh":
+            if not shutil.which(self._args.lcitool):
+                sys.exit("error: 'lcitool' not installed")
+
+    def _make_run(self, target):
+        args = [
+            "-C",
+            self._basedir,
+            target,
+        ]
+
+        if self._args.action in ["build", "test", "shell"]:
+            args.extend([
+                f"CI_ENGINE={self._args.engine}",
+                f"CI_USER_LOGIN={self._args.login}",
+                f"CI_IMAGE_PREFIX={self._args.image_prefix}",
+                f"CI_IMAGE_TAG={self._args.image_tag}",
+            ])
+
+        if self._args.action in ["build", "test"]:
+            args.extend([
+                f"CI_MESON_ARGS={self._args.meson_args}",
+                f"CI_NINJA_ARGS={self._args.ninja_args}",
+            ])
+
+        if pty.spawn(["make"] + args) != 0:
+            sys.exit("error: 'make' failed")
+
+    def _lcitool_run(self, args):
+        output = subprocess.check_output([self._args.lcitool] + args)
+        return output.decode("utf-8")
+
+    def _lcitool_get_hosts(self):
+        output = self._lcitool_run(["hosts"])
+        return output.splitlines()
+
+    def _generate_dockerfile(self, host, cross=None):
+        args = ["dockerfile", host, "libvirt"]
+        outdir = self._basedir.joinpath("containers")
+        outfile = f"{host}.Dockerfile"
+
+        if cross:
+            args.extend(["--cross", cross])
+            outfile = f"{host}-cross-{cross}.Dockerfile"
+
+        outpath = outdir.joinpath(outfile)
+        if not self._args.quiet:
+            print(outpath)
+
+        output = self._lcitool_run(args)
+        with open(outpath, "w") as f:
+            f.write(output)
+
+    def _generate_vars(self, host):
+        args = ["variables", host, "libvirt"]
+        outdir = self._basedir.joinpath("cirrus")
+        outfile = f"{host}.vars"
+
+        outpath = outdir.joinpath(outfile)
+        if not self._args.quiet:
+            print(outpath)
+
+        output = self._lcitool_run(args)
+        with open(outpath, "w") as f:
+            f.write(output)
+
+    def _refresh_containers(self):
+        debian_cross = [
+            "aarch64",
+            "armv6l",
+            "armv7l",
+            "i686",
+            "mips",
+            "mips64el",
+            "mipsel",
+            "ppc64le",
+            "s390x",
+        ]
+        fedora_cross = [
+            "mingw32",
+            "mingw64",
+        ]
+
+        for host in self._lcitool_get_hosts():
+            if host.startswith("freebsd-") or host.startswith("macos-"):
+                continue
+
+            self._generate_dockerfile(host)
+
+            if host == "fedora-rawhide":
+                for cross in fedora_cross:
+                    self._generate_dockerfile(host, cross)
+
+            if host.startswith("debian-"):
+                for cross in debian_cross:
+                    if host == "debian-sid" and cross == "mips":
+                        continue
+                    self._generate_dockerfile(host, cross)
+
+    def _refresh_cirrus(self):
+        for host in self._lcitool_get_hosts():
+            if not (host.startswith("freebsd-") or host.startswith("macos-")):
+                continue
+
+            self._generate_vars(host)
+
+    def _check_stale_images(self):
+        namespace = self._args.namespace
+        gitlab_uri = self._args.gitlab_uri
+        registry_uri = util.get_registry_uri(namespace, gitlab_uri)
+        lcitool_hosts = self._lcitool_get_hosts()
+
+        stale_images = util.get_registry_stale_images(registry_uri,
+                                                      lcitool_hosts)
+        if stale_images:
+            spacing = "\n" + 4 * " "
+            stale_fmt = [f"{k} (ID: {v})" for k, v in stale_images.items()]
+            stale_details = spacing.join(stale_fmt)
+            stale_ids = ' '.join([str(id) for id in stale_images.values()])
+            registry_uri = util.get_registry_uri(namespace, gitlab_uri)
+
+            msg = textwrap.dedent(f"""
+                The following images are stale and can be purged from the registry:
+
+                    STALE_DETAILS
+
+                You can delete the images listed above using this shell snippet:
+
+                    $ for image_id in {stale_ids}; do
+                          curl --request DELETE --header "PRIVATE-TOKEN: <access_token>" \\
+                               {registry_uri}/$image_id;
+                      done
+
+                You can generate a personal access token here:
+
+                    {gitlab_uri}/-/profile/personal_access_tokens
+            """)
+            print(msg.replace("STALE_DETAILS", stale_details))
+
+    def _action_build(self):
+        self._make_run(f"ci-build@{self._args.target}")
+
+    def _action_test(self):
+        self._make_run(f"ci-test@{self._args.target}")
+
+    def _action_shell(self):
+        self._make_run(f"ci-shell@{self._args.target}")
+
+    def _action_list_images(self):
+        registry_uri = util.get_registry_uri(self._args.namespace,
+                                             self._args.gitlab_uri)
+        images = util.get_registry_images(registry_uri)
+
+        # skip the "ci-" prefix each of our container images' name has
+        name_prefix = "ci-"
+        names = [i["name"][len(name_prefix):] for i in images]
+        names.sort()
+
+        native = [name for name in names if "-cross-" not in name]
+        cross = [name for name in names if "-cross-" in name]
+
+        spacing = 4 * " "
+        print("Available x86 container images:\n")
+        print(spacing + ("\n" + spacing).join(native))
+
+        if cross:
+            print()
+            print("Available cross-compiler container images:\n")
+            print(spacing + ("\n" + spacing).join(cross))
+
+    def _action_refresh(self):
+        self._refresh_containers()
+        self._refresh_cirrus()
+
+        if self._args.check_stale == "yes" and not self._args.quiet:
+            self._check_stale_images()
+
+    def run(self):
+        self._args.func(self)
+
+
+if __name__ == "__main__":
+    Application().run()
--- a/ci/list-images.sh
+++ b/ci/list-images.sh
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-prefix="${1##registry.gitlab.com/}"
-
-PROJECT_ID=192693
-
-all_repos() {
-  curl -s "https://gitlab.com/api/v4/projects/$PROJECT_ID/registry/repositories?per_page=100" \
-    | tr , '\n' | grep '"path":' | sed 's,"path":",,g;s,"$,,g'
-}
-
-all_repos | grep "^$prefix" | sed "s,^$prefix,,g" | while read repo; do
-    echo "    $repo"
-done | sort -u
--- a/ci/prepare.sh
+++ b/ci/prepare.sh
@@ -1,13 +0,0 @@
-# This script is used to prepare the environment that will be used
-# to build libvirt inside the container.
-#
-# You can customize it to your liking, or alternatively use a
-# completely different script by passing
-#
-#  CI_PREPARE_SCRIPT=/path/to/your/prepare/script
-#
-# to make.
-#
-# Note that this script will have root privileges inside the
-# container, so it can be used for things like installing additional
-# packages.
--- a/ci/util.py
+++ b/ci/util.py
@@ -0,0 +1,81 @@
+import json
+import urllib.request
+import urllib.parse
+
+from typing import Dict, List
+
+
+def get_registry_uri(namespace: str,
+                     gitlab_uri: str = "https://gitlab.com") -> str:
+    """
+    Construct a v4 API URI pointing the namespaced project's image registry.
+
+    :param namespace: GitLab project namespace, e.g. "libvirt/libvirt"
+    :param gitlab_uri: GitLab base URI, can be a private deployment
+    :param api_version: GitLab REST API version number
+    :return: URI pointing to a namespaced project's image registry
+    """
+
+    # this converts something like "libvirt/libvirt" to "libvirt%2Flibvirt"
+    namespace_urlenc = urllib.parse.quote_plus(namespace)
+
+    project_uri = f"{gitlab_uri}/api/v4/projects/{namespace_urlenc}"
+
+    uri = project_uri + "/registry/repositories"
+    return uri
+
+
+def get_registry_images(uri: str) -> List[Dict]:
+    """
+    List all container images that are currently available in the given GitLab
+    project.
+
+    :param uri: URI pointing to a GitLab instance's image registry
+    :return: list of container image names
+    """
+
+    r = urllib.request.urlopen(uri + "?per_page=100")
+
+    # read the HTTP response and load the JSON part of it
+    return json.loads(r.read().decode())
+
+
+def get_image_distro(image_name: str) -> str:
+    """
+    Extract the name of the distro in the GitLab image registry name, e.g.
+        ci-debian-9-cross-mipsel --> debian-9
+
+    :param image_name: name of the GitLab registry image
+    :return: distro name as a string
+    """
+    name_prefix = "ci-"
+    name_suffix = "-cross-"
+
+    distro = image_name[len(name_prefix):]
+
+    index = distro.find(name_suffix)
+    if index > 0:
+        distro = distro[:index]
+
+    return distro
+
+
+def get_registry_stale_images(registry_uri: str,
+                              supported_distros: List[str]) -> Dict[str, int]:
+    """
+    Check the GitLab image registry for images that we no longer support and
+    which should be deleted.
+
+    :param uri: URI pointing to a GitLab instance's image registry
+    :param supported_distros: list of hosts supported by lcitool
+    :return: dictionary formatted as: {<gitlab_image_name>: <gitlab_image_id>}
+    """
+
+    images = get_registry_images(registry_uri)
+
+    stale_images = {}
+    for img in images:
+        if get_image_distro(img["name"]) not in supported_distros:
+            stale_images[img["name"]] = img["id"]
+
+    return stale_images
--- a/config.h
+++ b/config.h
@@ -25,10 +25,6 @@
 # define _FORTIFY_SOURCE 2
 #endif

-#ifndef __GNUC__
-# error "Libvirt requires GCC >= 4.8, or CLang"
-#endif
-
 /*
 * Define __GNUC_PREREQ to a sane default if it isn't yet defined.
 * This is done here so that it's included as early as possible;
@@ -41,16 +37,16 @@
 #if defined(__clang_major__) && defined(__clang_minor__)
 # ifdef __apple_build_version__
 #  if __clang_major__ < 5 || (__clang_major__ == 5 && __clang_minor__ < 1)
-#   error You need at least XCode Clang v5.1 to compile QEMU
+#   error You need at least XCode Clang v5.1 to compile libvirt
 #  endif
 # else
 #  if __clang_major__ < 3 || (__clang_major__ == 3 && __clang_minor__ < 4)
-#   error You need at least Clang v3.4 to compile QEMU
+#   error You need at least Clang v3.4 to compile libvirt
 #  endif
 # endif
 #elif defined(__GNUC__) && defined(__GNUC_MINOR__)
 # if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8)
-#  error You need at least GCC v4.8 to compile QEMU
+#  error You need at least GCC v4.8 to compile libvirt
 # endif
 #else
 # error You either need at least GCC 4.8 or Clang 3.4 or XCode Clang 5.1 to compile libvirt
--- a/docs/acl.html.in
+++ b/docs/acl.html.in
@@ -50,7 +50,7 @@
      control technologies. By default, the <code>none</code>
      driver is used, which does no access control checks at
      all. At this time, libvirt ships with support for using
-      <a href="http://www.freedesktop.org/wiki/Software/polkit/">polkit</a> as a real access
+      <a href="https://www.freedesktop.org/wiki/Software/polkit/">polkit</a> as a real access
      control driver. To learn how to use the polkit access
      driver consult <a href="aclpolkit.html">the configuration
      docs</a>.
--- a/docs/aclpolkit.html.in
+++ b/docs/aclpolkit.html.in
@@ -1,523 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Polkit access control</h1>
-
-    <p>
-      Libvirt's client <a href="acl.html">access control framework</a> allows
-      administrators to setup fine grained permission rules across client users,
-      managed objects and API operations. This allows client connections
-      to be locked down to a minimal set of privileges. The polkit driver
-      provides a simple implementation of the access control framework.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="intro">Introduction</a></h2>
-
-    <p>
-      A default install of libvirt will typically use
-      <a href="http://www.freedesktop.org/wiki/Software/polkit/">polkit</a>
-      to authenticate the initial user connection to libvirtd. This is a
-      very coarse grained check though, either allowing full read-write
-      access to all APIs, or just read-only access. The polkit access
-      control driver in libvirt builds on this capability to allow for
-      fine grained control over the operations a user may perform on an
-      object.
-    </p>
-
-    <h2><a id="perms">Permission names</a></h2>
-
-    <p>
-      The libvirt <a href="acl.html#perms">object names and permission names</a>
-      are mapped onto polkit action names using the simple pattern:
-    </p>
-
-    <pre>org.libvirt.api.$object.$permission
-</pre>
-
-    <p>
-      The only caveat is that any underscore characters in the
-      object or permission names are converted to hyphens. So,
-      for example, the <code>search_storage_vols</code> permission
-      on the <code>storage_pool</code> object maps to the polkit
-      action:
-    </p>
-    <pre>org.libvirt.api.storage-pool.search-storage-vols
-</pre>
-
-    <p>
-      The default policy for any permission which corresponds to
-      a "read only" operation, is to allow access. All other
-      permissions default to deny access.
-    </p>
-
-    <h2><a id="attrs">Object identity attributes</a></h2>
-
-    <p>
-      To allow polkit authorization rules to be written to match
-      against individual object instances, libvirt provides a number
-      of authorization detail attributes when performing a permission
-      check. The set of attributes varies according to the type
-      of object being checked
-    </p>
-
-    <h3><a id="object_connect">virConnectPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_domain">virDomainPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>domain_name</td>
-          <td>Name of the domain, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>domain_uuid</td>
-          <td>UUID of the domain, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_interface">virInterfacePtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>interface_name</td>
-          <td>Name of the network interface, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>interface_macaddr</td>
-          <td>MAC address of the network interface, not unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_network">virNetworkPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>network_name</td>
-          <td>Name of the network, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>network_uuid</td>
-          <td>UUID of the network, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_node_device">virNodeDevicePtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>node_device_name</td>
-          <td>Name of the node device, unique to the local host</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_nwfilter">virNWFilterPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>nwfilter_name</td>
-          <td>Name of the network filter, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>nwfilter_uuid</td>
-          <td>UUID of the network filter, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_secret">virSecretPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>secret_uuid</td>
-          <td>UUID of the secret, globally unique</td>
-        </tr>
-        <tr>
-          <td>secret_usage_volume</td>
-          <td>Name of the associated volume, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_ceph</td>
-          <td>Name of the associated Ceph server, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_target</td>
-          <td>Name of the associated iSCSI target, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_name</td>
-          <td>Name of the associated TLS secret, if any</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_storage_pool">virStoragePoolPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>pool_name</td>
-          <td>Name of the storage pool, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>pool_uuid</td>
-          <td>UUID of the storage pool, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_storage_vol">virStorageVolPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>pool_name</td>
-          <td>Name of the storage pool, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>pool_uuid</td>
-          <td>UUID of the storage pool, globally unique</td>
-        </tr>
-        <tr>
-          <td>vol_name</td>
-          <td>Name of the storage volume, unique to the pool</td>
-        </tr>
-        <tr>
-          <td>vol_key</td>
-          <td>Key of the storage volume, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h2><a id="connect_driver">Hypervisor Driver connect_driver</a></h2>
-    <p>
-      The <code>connect_driver</code> parameter describes the
-      client's <a href="remote.html">remote Connection Driver</a>
-      name based on the <a href="uri.html">URI</a> used for the
-      connection.
-    </p>
-    <p>
-      <span class="since">Since 4.1.0</span>, when calling an API
-      outside the scope of the primary connection driver, the
-      primary driver will attempt to open a secondary connection
-      to the specific API driver in order to process the API. For
-      example, when hypervisor domain processing needs to make an
-      API call within the storage driver or the network filter driver
-      an attempt to open a connection to the "storage" or "nwfilter"
-      driver will be made. Similarly, a "storage" primary connection
-      may need to create a connection to the "secret" driver in order
-      to process secrets for the API. If successful, then calls to
-      those API's will occur in the <code>connect_driver</code> context
-      of the secondary connection driver rather than in the context of
-      the primary driver. This affects the <code>connect_driver</code>
-      returned from rule generation from the <code>action.loookup</code>
-      function. The following table provides a list of the various
-      connection drivers and the <code>connect_driver</code> name
-      used by each regardless of primary or secondary connection.
-      The access denied error message from libvirt will list the
-      connection driver by name that denied the access.
-    </p>
-
-    <h3><a id="object_connect_driver">Connection Driver Name</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Connection Driver</th>
-          <th><code>connect_driver</code> name</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>bhyve</td>
-          <td>bhyve</td>
-        </tr>
-        <tr>
-          <td>esx</td>
-          <td>ESX</td>
-        </tr>
-        <tr>
-          <td>hyperv</td>
-          <td>Hyper-V</td>
-        </tr>
-        <tr>
-          <td>interface</td>
-          <td>interface</td>
-        </tr>
-        <tr>
-          <td>xen</td>
-          <td>Xen</td>
-        </tr>
-        <tr>
-          <td>lxc</td>
-          <td>LXC</td>
-        </tr>
-        <tr>
-          <td>network</td>
-          <td>network</td>
-        </tr>
-        <tr>
-          <td>nodedev</td>
-          <td>nodedev</td>
-        </tr>
-        <tr>
-          <td>nwfilter</td>
-          <td>NWFilter</td>
-        </tr>
-        <tr>
-          <td>openvz</td>
-          <td>OPENVZ</td>
-        </tr>
-        <tr>
-          <td>qemu</td>
-          <td>QEMU</td>
-        </tr>
-        <tr>
-          <td>secret</td>
-          <td>secret</td>
-        </tr>
-        <tr>
-          <td>storage</td>
-          <td>storage</td>
-        </tr>
-        <tr>
-          <td>vbox</td>
-          <td>VBOX</td>
-        </tr>
-        <tr>
-          <td>vmware</td>
-          <td>VMWARE</td>
-        </tr>
-        <tr>
-          <td>vz</td>
-          <td>vz</td>
-        </tr>
-      </tbody>
-    </table>
-
-
-    <h2><a id="user">User identity attributes</a></h2>
-
-    <p>
-      At this point in time, the only attribute provided by
-      libvirt to identify the user invoking the operation
-      is the PID of the client program. This means that the
-      polkit access control driver is only useful if connections
-      to libvirt are restricted to its UNIX domain socket. If
-      connections are being made to a TCP socket, no identifying
-      information is available and access will be denied.
-      Also note that if the client is connecting via an SSH
-      tunnel, it is the local SSH user that will be identified.
-      In future versions, it is expected that more information
-      about the client user will be provided, including the
-      SASL / Kerberos username and/or x509 distinguished
-      name obtained from the authentication provider in use.
-    </p>
-
-
-    <h2><a id="checks">Writing access control policies</a></h2>
-
-    <p>
-      If using versions of polkit prior to 0.106 then it is only
-      possible to validate (user, permission) pairs via the <code>.pkla</code>
-      files. Fully validation of the (user, permission, object) triple
-      requires the new JavaScript <code>.rules</code> support that
-      was introduced in version 0.106. The latter is what will be
-      described here.
-    </p>
-
-    <p>
-      Libvirt does not ship any rules files by default. It merely
-      provides a definition of the default behaviour for each
-      action (permission). As noted earlier, permissions which
-      correspond to read-only operations in libvirt will be allowed
-      to all users by default; everything else is denied by default.
-      Defining custom rules requires creation of a file in the
-      <code>/etc/polkit-1/rules.d</code> directory with a name
-      chosen by the administrator (<code>100-libvirt-acl.rules</code>
-      would be a reasonable choice). See the <code>polkit(8)</code>
-      manual page for a description of how to write these files
-      in general. The key idea is to create a file containing
-      something like
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-  ....logic to check 'action' and 'subject'...
-});
-    </pre>
-
-    <p>
-      In this code snippet above, the <code>action</code> object
-      instance will represent the libvirt permission being checked
-      along with identifying attributes for the object it is being
-      applied to. The <code>subject</code> meanwhile will identify
-      the libvirt client app (with the caveat above about it only
-      dealing with local clients connected via the UNIX socket).
-      On the <code>action</code> object, the permission name is
-      accessible via the <code>id</code> attribute, while the
-      object identifying attributes are exposed via the
-      <code>lookup</code> method.
-    </p>
-
-    <p>
-    See
-    <a href="https://gitlab.com/libvirt/libvirt/-/tree/master/examples/polkit">source code</a>
-    for a more complex example.
-    </p>
-
-    <h3><a id="exconnect">Example: restricting ability to connect to drivers</a></h3>
-
-    <p>
-      Consider a local user <code>berrange</code>
-      who has been granted permission to connect to libvirt in
-      full read-write mode. The goal is to only allow them to
-      use the <code>QEMU</code> driver and not the Xen or LXC
-      drivers which are also available in libvirtd.
-      To achieve this we need to write a rule which checks
-      whether the <code>connect_driver</code> attribute
-      is <code>QEMU</code>, and match on an action
-      name of <code>org.libvirt.api.connect.getattr</code>. Using
-      the javascript rules format, this ends up written as
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.libvirt.api.connect.getattr" &amp;&amp;
-        subject.user == "berrange") {
-          if (action.lookup("connect_driver") == 'QEMU') {
-            return polkit.Result.YES;
-          } else {
-            return polkit.Result.NO;
-          }
-    }
-});
-    </pre>
-
-    <h3><a id="exdomain">Example: restricting access to a single domain</a></h3>
-
-    <p>
-      Consider a local user <code>berrange</code>
-      who has been granted permission to connect to libvirt in
-      full read-write mode. The goal is to only allow them to
-      see the domain called <code>demo</code> on the LXC driver.
-      To achieve this we need to write a rule which checks
-      whether the <code>connect_driver</code> attribute
-      is <code>LXC</code> and the <code>domain_name</code>
-      attribute is <code>demo</code>, and match on an action
-      name of <code>org.libvirt.api.domain.getattr</code>. Using
-      the javascript rules format, this ends up written as
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.libvirt.api.domain.getattr" &amp;&amp;
-        subject.user == "berrange") {
-          if (action.lookup("connect_driver") == 'LXC' &amp;&amp;
-              action.lookup("domain_name") == 'demo') {
-            return polkit.Result.YES;
-          } else {
-            return polkit.Result.NO;
-          }
-    }
-});
-    </pre>
-  </body>
-</html>
--- a/docs/aclpolkit.rst
+++ b/docs/aclpolkit.rst
@@ -0,0 +1,310 @@
+.. role:: since
+
+=====================
+Polkit access control
+=====================
+
+Libvirt's client `access control framework <acl.html>`__ allows
+administrators to setup fine grained permission rules across client
+users, managed objects and API operations. This allows client
+connections to be locked down to a minimal set of privileges. The polkit
+driver provides a simple implementation of the access control framework.
+
+.. contents::
+
+Introduction
+------------
+
+A default install of libvirt will typically use
+`polkit <https://www.freedesktop.org/wiki/Software/polkit/>`__ to
+authenticate the initial user connection to libvirtd. This is a very
+coarse grained check though, either allowing full read-write access to
+all APIs, or just read-only access. The polkit access control driver in
+libvirt builds on this capability to allow for fine grained control over
+the operations a user may perform on an object.
+
+Permission names
+----------------
+
+The libvirt `object names and permission names <acl.html#perms>`__ are
+mapped onto polkit action names using the simple pattern:
+
+::
+
+   org.libvirt.api.$object.$permission
+
+The only caveat is that any underscore characters in the object or
+permission names are converted to hyphens. So, for example, the
+``search_storage_vols`` permission on the ``storage_pool`` object maps
+to the polkit action:
+
+::
+
+   org.libvirt.api.storage-pool.search-storage-vols
+
+The default policy for any permission which corresponds to a "read only"
+operation, is to allow access. All other permissions default to deny
+access.
+
+Object identity attributes
+--------------------------
+
+To allow polkit authorization rules to be written to match against
+individual object instances, libvirt provides a number of authorization
+detail attributes when performing a permission check. The set of
+attributes varies according to the type of object being checked
+
+virConnectPtr
+~~~~~~~~~~~~~
+
+============== =====================================
+Attribute      Description
+============== =====================================
+connect_driver Name of the libvirt connection driver
+============== =====================================
+
+virDomainPtr
+~~~~~~~~~~~~
+
+============== ============================================
+Attribute      Description
+============== ============================================
+connect_driver Name of the libvirt connection driver
+domain_name    Name of the domain, unique to the local host
+domain_uuid    UUID of the domain, globally unique
+============== ============================================
+
+virInterfacePtr
+~~~~~~~~~~~~~~~
+
+-------------------+---------------------------------------------------------+
+| Attribute         | Description                                             |
+===================+=========================================================+
+| connect_driver    | Name of the libvirt connection driver                   |
+-------------------+---------------------------------------------------------+
+| interface_name    | Name of the network interface, unique to the local host |
+-------------------+---------------------------------------------------------+
+| interface_macaddr | MAC address of the network interface, not unique        |
+-------------------+---------------------------------------------------------+
+
+virNetworkPtr
+~~~~~~~~~~~~~
+
+============== =============================================
+Attribute      Description
+============== =============================================
+connect_driver Name of the libvirt connection driver
+network_name   Name of the network, unique to the local host
+network_uuid   UUID of the network, globally unique
+============== =============================================
+
+virNodeDevicePtr
+~~~~~~~~~~~~~~~~
+
+================ =================================================
+Attribute        Description
+================ =================================================
+connect_driver   Name of the libvirt connection driver
+node_device_name Name of the node device, unique to the local host
+================ =================================================
+
+virNWFilterPtr
+~~~~~~~~~~~~~~
+
+============== ====================================================
+Attribute      Description
+============== ====================================================
+connect_driver Name of the libvirt connection driver
+nwfilter_name  Name of the network filter, unique to the local host
+nwfilter_uuid  UUID of the network filter, globally unique
+============== ====================================================
+
+virSecretPtr
+~~~~~~~~~~~~
+
+=================== ===========================================
+Attribute           Description
+=================== ===========================================
+connect_driver      Name of the libvirt connection driver
+secret_uuid         UUID of the secret, globally unique
+secret_usage_volume Name of the associated volume, if any
+secret_usage_ceph   Name of the associated Ceph server, if any
+secret_usage_target Name of the associated iSCSI target, if any
+secret_usage_name   Name of the associated TLS secret, if any
+=================== ===========================================
+
+virStoragePoolPtr
+~~~~~~~~~~~~~~~~~
+
+============== ==================================================
+Attribute      Description
+============== ==================================================
+connect_driver Name of the libvirt connection driver
+pool_name      Name of the storage pool, unique to the local host
+pool_uuid      UUID of the storage pool, globally unique
+============== ==================================================
+
+virStorageVolPtr
+~~~~~~~~~~~~~~~~
+
+============== ==================================================
+Attribute      Description
+============== ==================================================
+connect_driver Name of the libvirt connection driver
+pool_name      Name of the storage pool, unique to the local host
+pool_uuid      UUID of the storage pool, globally unique
+vol_name       Name of the storage volume, unique to the pool
+vol_key        Key of the storage volume, globally unique
+============== ==================================================
+
+Hypervisor Driver connect_driver
+--------------------------------
+
+The ``connect_driver`` parameter describes the client's `remote
+Connection Driver <remote.html>`__ name based on the `URI <uri.html>`__
+used for the connection.
+
+:since:`Since 4.1.0`, when calling an API outside the scope of the primary
+connection driver, the primary driver will attempt to open a secondary
+connection to the specific API driver in order to process the API. For
+example, when hypervisor domain processing needs to make an API call
+within the storage driver or the network filter driver an attempt to
+open a connection to the "storage" or "nwfilter" driver will be made.
+Similarly, a "storage" primary connection may need to create a
+connection to the "secret" driver in order to process secrets for the
+API. If successful, then calls to those API's will occur in the
+``connect_driver`` context of the secondary connection driver rather
+than in the context of the primary driver. This affects the
+``connect_driver`` returned from rule generation from the
+``action.loookup`` function. The following table provides a list of the
+various connection drivers and the ``connect_driver`` name used by each
+regardless of primary or secondary connection. The access denied error
+message from libvirt will list the connection driver by name that denied
+the access.
+
+Connection Driver Name
+~~~~~~~~~~~~~~~~~~~~~~
+
+================= =======================
+Connection Driver ``connect_driver`` name
+================= =======================
+bhyve             bhyve
+esx               ESX
+hyperv            Hyper-V
+interface         interface
+xen               Xen
+lxc               LXC
+network           network
+nodedev           nodedev
+nwfilter          NWFilter
+openvz            OPENVZ
+qemu              QEMU
+secret            secret
+storage           storage
+vbox              VBOX
+vmware            VMWARE
+vz                vz
+================= =======================
+
+User identity attributes
+------------------------
+
+At this point in time, the only attribute provided by libvirt to
+identify the user invoking the operation is the PID of the client
+program. This means that the polkit access control driver is only useful
+if connections to libvirt are restricted to its UNIX domain socket. If
+connections are being made to a TCP socket, no identifying information
+is available and access will be denied. Also note that if the client is
+connecting via an SSH tunnel, it is the local SSH user that will be
+identified. In future versions, it is expected that more information
+about the client user will be provided, including the SASL / Kerberos
+username and/or x509 distinguished name obtained from the authentication
+provider in use.
+
+Writing access control policies
+-------------------------------
+
+If using versions of polkit prior to 0.106 then it is only possible to
+validate (user, permission) pairs via the ``.pkla`` files. Fully
+validation of the (user, permission, object) triple requires the new
+JavaScript ``.rules`` support that was introduced in version 0.106. The
+latter is what will be described here.
+
+Libvirt does not ship any rules files by default. It merely provides a
+definition of the default behaviour for each action (permission). As
+noted earlier, permissions which correspond to read-only operations in
+libvirt will be allowed to all users by default; everything else is
+denied by default. Defining custom rules requires creation of a file in
+the ``/etc/polkit-1/rules.d`` directory with a name chosen by the
+administrator (``100-libvirt-acl.rules`` would be a reasonable choice).
+See the ``polkit(8)`` manual page for a description of how to write
+these files in general. The key idea is to create a file containing
+something like
+
+::
+
+   polkit.addRule(function(action, subject) {
+     ....logic to check 'action' and 'subject'...
+   });
+
+In this code snippet above, the ``action`` object instance will
+represent the libvirt permission being checked along with identifying
+attributes for the object it is being applied to. The ``subject``
+meanwhile will identify the libvirt client app (with the caveat above
+about it only dealing with local clients connected via the UNIX socket).
+On the ``action`` object, the permission name is accessible via the
+``id`` attribute, while the object identifying attributes are exposed
+via the ``lookup`` method.
+
+See `source
+code <https://gitlab.com/libvirt/libvirt/-/tree/master/examples/polkit>`__
+for a more complex example.
+
+Example: restricting ability to connect to drivers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Consider a local user ``berrange`` who has been granted permission to
+connect to libvirt in full read-write mode. The goal is to only allow
+them to use the ``QEMU`` driver and not the Xen or LXC drivers which are
+also available in libvirtd. To achieve this we need to write a rule
+which checks whether the ``connect_driver`` attribute is ``QEMU``, and
+match on an action name of ``org.libvirt.api.connect.getattr``. Using
+the javascript rules format, this ends up written as
+
+::
+
+   polkit.addRule(function(action, subject) {
+       if (action.id == "org.libvirt.api.connect.getattr" &&
+           subject.user == "berrange") {
+             if (action.lookup("connect_driver") == 'QEMU') {
+               return polkit.Result.YES;
+             } else {
+               return polkit.Result.NO;
+             }
+       }
+   });
+
+Example: restricting access to a single domain
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Consider a local user ``berrange`` who has been granted permission to
+connect to libvirt in full read-write mode. The goal is to only allow
+them to see the domain called ``demo`` on the LXC driver. To achieve
+this we need to write a rule which checks whether the ``connect_driver``
+attribute is ``LXC`` and the ``domain_name`` attribute is ``demo``, and
+match on an action name of ``org.libvirt.api.domain.getattr``. Using the
+javascript rules format, this ends up written as
+
+::
+
+   polkit.addRule(function(action, subject) {
+       if (action.id == "org.libvirt.api.domain.getattr" &&
+           subject.user == "berrange") {
+             if (action.lookup("connect_driver") == 'LXC' &&
+                 action.lookup("domain_name") == 'demo') {
+               return polkit.Result.YES;
+             } else {
+               return polkit.Result.NO;
+             }
+       }
+   });
--- a/docs/advanced-tests.rst
+++ b/docs/advanced-tests.rst
@@ -18,7 +18,7 @@ by running

  $ meson test --setup valgrind

-`Valgrind <http://valgrind.org/>`__ is a test that checks for
+`Valgrind <https://valgrind.org/>`__ is a test that checks for
 memory management issues, such as leaks or use of uninitialized
 variables.

@@ -26,13 +26,7 @@ Some tests are skipped by default in a development environment,
 based on the time they take in comparison to the likelihood
 that those tests will turn up problems during incremental
 builds. These tests default to being run when building from a
-tarball or with the configure option -Dexpensive_tests=enabled;
-you can also force a one-time toggle of these tests by setting
-VIR_TEST_EXPENSIVE to 0 or 1 at make time, as in:
-
-::
-
-  $ VIR_TEST_EXPENSIVE=1 ninja test
+tarball or with the configure option -Dexpensive_tests=enabled.

 If you encounter any failing tests, the VIR_TEST_DEBUG
 environment variable may provide extra information to debug the
@@ -160,7 +154,7 @@ filter. The filter should be unique enough to not suppress real
 leaks, but it should be generic enough to cover multiple code
 paths. The format of the entry can be found in the
 documentation found at the `Valgrind home
-page <http://valgrind.org/>`__. The following trace was added
+page <https://valgrind.org/>`__. The following trace was added
 to ``tests/.valgrind.supp`` in order to suppress the warning:

 ::
--- a/docs/api.html.in
+++ b/docs/api.html.in
@@ -1,380 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>The libvirt API concepts</h1>
-
-    <p> This page describes the main principles and architecture choices
-    behind the definition of the libvirt API:</p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="Objects">Objects Exposed</a></h2>
-    <p> As defined in the <a href="goals.html">goals section</a>, the libvirt
-    API is designed to expose all the resources needed to manage the
-    virtualization support of recent operating systems. The first object
-    manipulated through the API is the <code>virConnectPtr</code>, which
-    represents the connection to a hypervisor. Any application using libvirt
-    is likely to start using the
-    API by calling one of <a href="html/libvirt-libvirt-host.html#virConnectOpen"
-    >the virConnectOpen functions</a>. You will note that those functions take
-    a name argument which is actually a <a href="uri.html">connection URI</a>
-    to select the right hypervisor to open.
-    A URI is needed to allow remote connections and also select between
-    different possible hypervisors. For example, on a Linux system it may be
-    possible to use both KVM and LinuxContainers on the same node. A NULL
-    name will default to a preselected hypervisor, but it's probably not a
-    wise thing to do in most cases. See the <a href="uri.html">connection
-    URI</a> page for a full descriptions of the values allowed.</p>
-    <p> OnDevice the application obtains a
-      <a href="/html/libvirt-libvirt-host.html#virConnectPtr">
-        <code>virConnectPtr</code>
-      </a>
-    connection to the hypervisor it can then use it to manage the hypervisor's
-    available domains and related virtualization
-    resources, such as storage and networking. All those are
-    exposed as first class objects and connected to the hypervisor connection
-    (and the node or cluster where it is available).</p>
-    <p class="image">
-      <img alt="first class objects exposed by the API"
-           src="libvirt-object-model.png"/>
-    </p>
-    <p> The figure above shows the five main objects exported by the API:</p>
-    <ul>
-      <li>
-        <a href="html/libvirt-libvirt-host.html#virConnectPtr">
-          <code>virConnectPtr</code>
-        </a>
-      <p>Represents the connection to a hypervisor. Use one of the
-      <a href="html/libvirt-libvirt-host.html#virConnectOpen">virConnectOpen</a>
-      functions to obtain connection to the hypervisor which is then used
-      as a parameter to other connection API's.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-domain.html#virDomainPtr">
-          <code>virDomainPtr</code>
-        </a>
-      <p>Represents one domain either active or defined (i.e. existing as
-      permanent config file and storage but not currently running on that
-      node). The function
-        <a href="html/libvirt-libvirt-domain.html#virConnectListAllDomains">
-          <code>virConnectListAllDomains</code>
-        </a>
-      lists all the domains for the hypervisor.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-network.html#virNetworkPtr">
-          <code>virNetworkPtr</code>
-        </a>
-      <p>Represents one network either active or defined (i.e. existing
-      as permanent config file and storage but not currently activated).
-      The function
-        <a href="html/libvirt-libvirt-network.html#virConnectListAllNetworks">
-          <code>virConnectListAllNetworks</code>
-        </a>
-      lists all the virtualization networks for the hypervisor.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-storage.html#virStorageVolPtr">
-          <code>virStorageVolPtr</code>
-        </a>
-      <p>Represents one storage volume generally used
-      as a block device available to one of the domains. The function
-        <a href="html/libvirt-libvirt-storage.html#virStorageVolLookupByPath">
-          <code>virStorageVolLookupByPath</code>
-        </a>
-      finds the storage volume object based on its path on the node.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-storage.html#virStoragePoolPtr">
-          <code>virStoragePoolPtr</code>
-        </a>
-      <p>Represents a storage pool, which is a logical area
-      used to allocate and store storage volumes. The function
-        <a href="html/libvirt-libvirt-storage.html#virConnectListAllStoragePools">
-          <code>virConnectListAllStoragePools</code>
-        </a>
-      lists all of the virtualization storage pools on the hypervisor.
-      The function
-        <a href="html/libvirt-libvirt-storage.html#virStoragePoolLookupByVolume">
-          <code>virStoragePoolLookupByVolume</code>
-        </a>
-      finds the storage pool containing a given storage volume.</p></li>
-    </ul>
-    <p> Most objects manipulated by the library can also be represented using
-      XML descriptions. This is used primarily to create those object, but is
-      also helpful to modify or save their description back.</p>
-    <p> Domains, networks, and storage pools can be either <code>active</code>
-      i.e. either running or available for immediate use, or
-      <code>defined</code> in which case they are inactive but there is
-      a permanent definition available in the system for them. Based on this
-      they can be activated dynamically in order to be used.</p>
-    <p> Most objects can also be named in various ways:</p>
-    <ul>
-      <li><code>name</code>
-      <p>A user friendly identifier but whose uniqueness
-      cannot be guaranteed between two nodes.</p></li>
-      <li><code>ID</code>
-      <p>A runtime unique identifier
-      provided by the hypervisor for one given activation of the object;
-      however, it becomes invalid once the resource is deactivated.</p></li >
-      <li><code>UUID</code>
-      <p> A 16 byte unique identifier
-      as defined in <a href="http://www.ietf.org/rfc/rfc4122.txt">RFC 4122</a>,
-      which is guaranteed to be unique for long term usage and across a
-      set of nodes.</p></li>
-    </ul>
-
-    <h2><a id="Functions">Functions and Naming Conventions</a></h2>
-    <p> The naming of the functions present in the library is usually
-      composed by a prefix describing the object associated to the function
-      and a verb describing the action on that object.</p>
-    <p> For each first class object you will find APIs
-      for the following actions:</p>
-    <ul>
-      <li><b>Lookup</b> [...LookupBy...]
-      <p>Used to perform lookups on objects by some type of identifier,
-      such as:</p>
-          <ul>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByID">
-                <code>virDomainLookupByID</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByName">
-                <code>virDomainLookupByName</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByUUID">
-                <code>virDomainLookupByUUID</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByUUIDString">
-                <code>virDomainLookupByUUIDString</code>
-              </a>
-            </li>
-          </ul>
-      </li>
-      <li><b>Enumeration</b> [virConnectList..., virConnectNumOf...]
-      <p>Used to enumerate a set of object available to a given
-      hypervisor connection such as:</p>
-          <ul>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virConnectListDomains">
-                <code>virConnectListDomains</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virConnectNumOfDomains">
-                <code>virConnectNumOfDomains</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-network.html#virConnectListNetworks">
-                <code>virConnectListNetworks</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-storage.html#virConnectListStoragePools">
-                <code>virConnectListStoragePools</code>
-              </a>
-            </li>
-          </ul>
-      </li>
-      <li><b>Description</b> [...GetInfo]
-      <p>Generic accessor providing a set of generic information about an
-      object, such as: </p>
-        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-host.html#virNodeGetInfo">
-              <code>virNodeGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetInfo">
-              <code>virDomainGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolGetInfo">
-              <code>virStoragePoolGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStorageVolGetInfo">
-              <code>virStorageVolGetInfo</code>
-            </a>
-          </li>
-        </ul>
-      </li>
-      <li><b>Accessors</b> [...Get..., ...Set...]
-      <p>Specific accessors used to query or modify data for the given object,
-      such as: </p>
-        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-host.html#virConnectGetType">
-              <code>virConnectGetType</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetMaxMemory">
-              <code>virDomainGetMaxMemory</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainSetMemory">
-              <code>virDomainSetMemory</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetVcpus">
-              <code>virDomainGetVcpus</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolSetAutostart">
-              <code>virStoragePoolSetAutostart</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkGetBridgeName">
-              <code>virNetworkGetBridgeName</code>
-            </a>
-          </li>
-        </ul>
-      </li>
-      <li><b>Creation</b> [...Create, ...CreateXML]
-      <p>Used to create and start objects.  The ...CreateXML APIs will create
-      the object based on an XML description, while the ...Create APIs will
-      create the object based on existing object pointer, such as: </p>
-        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainCreate">
-              <code>virDomainCreate</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainCreateXML">
-              <code>virDomainCreateXML</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkCreate">
-              <code>virNetworkCreate</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkCreateXML">
-              <code>virNetworkCreateXML</code>
-            </a>
-          </li>
-        </ul>
-      </li>
-      <li><b>Destruction</b> [...Destroy]
-      <p>Used to shutdown or deactivate and destroy objects, such as: </p>
-        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainDestroy">
-              <code>virDomainDestroy</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkDestroy">
-              <code>virNetworkDestroy</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolDestroy">
-              <code>virStoragePoolDestroy</code>
-            </a>
-          </li>
-        </ul>
-      </li>
-    </ul>
-    <p>Note: functions returning vir*Ptr (like the virDomainLookup functions)
-    allocate memory which needs to be freed by the caller by the corresponding
-    vir*Free function (e.g. virDomainFree for a virDomainPtr object).
-    </p>
-    <p> For more in-depth details of the storage related APIs see
-      <a href="storage.html">the storage management page</a>.
-    </p>
-    <h2><a id="Drivers">The libvirt Drivers</a></h2>
-    <p>Drivers are the basic building block for libvirt functionality
-    to support the capability to handle specific hypervisor driver calls.
-    Drivers are discovered and registered during connection processing as
-    part of the
-      <a href="html/libvirt-libvirt-host.html#virInitialize">
-        <code>virInitialize</code>
-      </a>
-    API. Each driver
-    has a registration API which loads up the driver specific function
-    references for the libvirt APIs to call. The following is a simplistic
-    view of the hypervisor driver mechanism. Consider the stacked list of
-    drivers as a series of modules that can be plugged into the architecture
-    depending on how libvirt is configured to be built.</p>
-    <p class="image">
-      <img alt="The libvirt driver architecture"
-           src="libvirt-driver-arch.png"/>
-    </p>
-    <p>The driver architecture is also used to support other virtualization
-    components such as storage, storage pools, host device, networking,
-    network interfaces, and network filters.</p>
-    <p>See the <a href="drivers.html">libvirt drivers</a> page for more
-    information on hypervisor and storage specific drivers.</p>
-    <p>Not all drivers support every virtualization function possible.
-    The <a href="hvsupport.html">libvirt API support matrix</a> lists
-    the various functions and support found in each driver by the version
-    support was added into libvirt.
-    </p>
-    <h2><a id="Remote">Daemon and Remote Access</a></h2>
-    <p>Access to libvirt drivers is primarily handled by the libvirtd
-    daemon through the <a href="remote.html">remote</a> driver via an
-    <a href="internals/rpc.html">RPC</a>. Some hypervisors do support
-    client-side connections and responses, such as Test, OpenVZ, VMware,
-    VirtualBox (vbox), ESX, Hyper-V, Xen, and Virtuozzo.
-    The libvirtd daemon service is started on the host at system boot
-    time and can also be restarted at any time by a properly privileged
-    user, such as root. The libvirtd daemon uses the same libvirt API
-    <a href="html/libvirt-libvirt-host.html#virInitialize">
-      <code>virInitialize</code>
-    </a>
-    sequence as applications
-    for client-side driver registrations, but then extends the registered
-    driver list to encompass all known drivers supported for all driver
-    types supported on the host. </p>
-    <p>The libvirt client <a href="apps.html">applications</a> use a
-    <a href="uri.html">URI</a> to obtain the <code>virConnectPtr</code>.
-    The <code>virConnectPtr</code> keeps track of the driver connection
-    plus a variety of other connections (network, interface, storage, etc.).
-    The <code>virConnectPtr</code> is then used as a parameter to other
-    virtualization <a href="#Functions">functions</a>. Depending upon the
-    driver being used, calls will be routed through the remote driver to
-    the libvirtd daemon. The daemon will reference the connection specific
-    driver in order to retrieve the requested information and then pass
-    back status and/or data through the connection back to the application.
-    The application can then decide what to do with that data, such as
-    display, write log data, etc. <a href="migration.html">Migration</a>
-    is an example of many facets of the architecture in use.</p>
-
-    <p class="image">
-      <img alt="The libvirt daemon and remote architecture"
-           src="libvirt-daemon-arch.png"/>
-    </p>
-    <p>
-    The key takeaway from the above diagram is that there is a remote driver
-    which handles transactions for a majority of the drivers. The libvirtd
-    daemon running on the host will receive transaction requests from the
-    remote driver and will then query the hypervisor driver as specified in
-    the <code>virConnectPtr</code> in order to fetch the data. The data will
-    then be returned through the remote driver to the client application
-    for processing.
-    </p>
-    <p>If you are interested in contributing to libvirt, read the
-    <a href="http://wiki.libvirt.org/page/FAQ">FAQ</a> and
-    <a href="hacking.html">hacking</a> guidelines to gain an understanding
-    of basic rules and guidelines.  In order to add new API functionality
-    follow the instructions regarding
-    <a href="api_extension.html">implementing a new API in libvirt</a>.
-    </p>
-
-  </body>
-</html>
--- a/docs/api.rst
+++ b/docs/api.rst
@@ -0,0 +1,265 @@
+========================
+The libvirt API concepts
+========================
+
+This page describes the main principles and architecture choices behind
+the definition of the libvirt API:
+
+.. contents::
+
+Objects Exposed
+---------------
+
+As defined in the `goals section <goals.html>`__, the libvirt API is
+designed to expose all the resources needed to manage the virtualization
+support of recent operating systems. The first object manipulated
+through the API is the ``virConnectPtr``, which represents the
+connection to a hypervisor. Any application using libvirt is likely to
+start using the API by calling one of `the virConnectOpen
+functions <html/libvirt-libvirt-host.html#virConnectOpen>`__. You will
+note that those functions take a name argument which is actually a
+`connection URI <uri.html>`__ to select the right hypervisor to open. A
+URI is needed to allow remote connections and also select between
+different possible hypervisors. For example, on a Linux system it may be
+possible to use both KVM and LinuxContainers on the same node. A NULL
+name will default to a preselected hypervisor, but it's probably not a
+wise thing to do in most cases. See the `connection URI <uri.html>`__
+page for a full descriptions of the values allowed.
+
+OnDevice the application obtains a
+`virConnectPtr </html/libvirt-libvirt-host.html#virConnectPtr>`__
+connection to the hypervisor it can then use it to manage the
+hypervisor's available domains and related virtualization resources,
+such as storage and networking. All those are exposed as first class
+objects and connected to the hypervisor connection (and the node or
+cluster where it is available).
+
+|first class objects exposed by the API|
+
+The figure above shows the five main objects exported by the API:
+
+-  `virConnectPtr <html/libvirt-libvirt-host.html#virConnectPtr>`__
+
+   Represents the connection to a hypervisor. Use one of the
+   `virConnectOpen <html/libvirt-libvirt-host.html#virConnectOpen>`__
+   functions to obtain connection to the hypervisor which is then used
+   as a parameter to other connection API's.
+
+-  `virDomainPtr <html/libvirt-libvirt-domain.html#virDomainPtr>`__
+
+   Represents one domain either active or defined (i.e. existing as
+   permanent config file and storage but not currently running on that
+   node). The function
+   `virConnectListAllDomains <html/libvirt-libvirt-domain.html#virConnectListAllDomains>`__
+   lists all the domains for the hypervisor.
+
+-  `virNetworkPtr <html/libvirt-libvirt-network.html#virNetworkPtr>`__
+
+   Represents one network either active or defined (i.e. existing as
+   permanent config file and storage but not currently activated). The
+   function
+   `virConnectListAllNetworks <html/libvirt-libvirt-network.html#virConnectListAllNetworks>`__
+   lists all the virtualization networks for the hypervisor.
+
+-  `virStorageVolPtr <html/libvirt-libvirt-storage.html#virStorageVolPtr>`__
+
+   Represents one storage volume generally used as a block device
+   available to one of the domains. The function
+   `virStorageVolLookupByPath <html/libvirt-libvirt-storage.html#virStorageVolLookupByPath>`__
+   finds the storage volume object based on its path on the node.
+
+-  `virStoragePoolPtr <html/libvirt-libvirt-storage.html#virStoragePoolPtr>`__
+
+   Represents a storage pool, which is a logical area used to allocate
+   and store storage volumes. The function
+   `virConnectListAllStoragePools <html/libvirt-libvirt-storage.html#virConnectListAllStoragePools>`__
+   lists all of the virtualization storage pools on the hypervisor. The
+   function
+   `virStoragePoolLookupByVolume <html/libvirt-libvirt-storage.html#virStoragePoolLookupByVolume>`__
+   finds the storage pool containing a given storage volume.
+
+Most objects manipulated by the library can also be represented using
+XML descriptions. This is used primarily to create those object, but is
+also helpful to modify or save their description back.
+
+Domains, networks, and storage pools can be either ``active`` i.e.
+either running or available for immediate use, or ``defined`` in which
+case they are inactive but there is a permanent definition available in
+the system for them. Based on this they can be activated dynamically in
+order to be used.
+
+Most objects can also be named in various ways:
+
+-  ``name``
+
+   A user friendly identifier but whose uniqueness cannot be guaranteed
+   between two nodes.
+
+-  ``ID``
+
+   A runtime unique identifier provided by the hypervisor for one given
+   activation of the object; however, it becomes invalid once the
+   resource is deactivated.
+
+-  ``UUID``
+
+   A 16 byte unique identifier as defined in `RFC
+   4122 <https://www.ietf.org/rfc/rfc4122.txt>`__, which is guaranteed
+   to be unique for long term usage and across a set of nodes.
+
+Functions and Naming Conventions
+--------------------------------
+
+The naming of the functions present in the library is usually composed
+by a prefix describing the object associated to the function and a verb
+describing the action on that object.
+
+For each first class object you will find APIs for the following
+actions:
+
+-  **Lookup** [...LookupBy...]
+
+   Used to perform lookups on objects by some type of identifier, such
+   as:
+
+   -  `virDomainLookupByID <html/libvirt-libvirt-domain.html#virDomainLookupByID>`__
+   -  `virDomainLookupByName <html/libvirt-libvirt-domain.html#virDomainLookupByName>`__
+   -  `virDomainLookupByUUID <html/libvirt-libvirt-domain.html#virDomainLookupByUUID>`__
+   -  `virDomainLookupByUUIDString <html/libvirt-libvirt-domain.html#virDomainLookupByUUIDString>`__
+
+-  **Enumeration** [virConnectList..., virConnectNumOf...]
+
+   Used to enumerate a set of object available to a given hypervisor
+   connection such as:
+
+   -  `virConnectListDomains <html/libvirt-libvirt-domain.html#virConnectListDomains>`__
+   -  `virConnectNumOfDomains <html/libvirt-libvirt-domain.html#virConnectNumOfDomains>`__
+   -  `virConnectListNetworks <html/libvirt-libvirt-network.html#virConnectListNetworks>`__
+   -  `virConnectListStoragePools <html/libvirt-libvirt-storage.html#virConnectListStoragePools>`__
+
+-  **Description** [...GetInfo]
+
+   Generic accessor providing a set of generic information about an
+   object, such as:
+
+   -  `virNodeGetInfo <html/libvirt-libvirt-host.html#virNodeGetInfo>`__
+   -  `virDomainGetInfo <html/libvirt-libvirt-domain.html#virDomainGetInfo>`__
+   -  `virStoragePoolGetInfo <html/libvirt-libvirt-storage.html#virStoragePoolGetInfo>`__
+   -  `virStorageVolGetInfo <html/libvirt-libvirt-storage.html#virStorageVolGetInfo>`__
+
+-  **Accessors** [...Get..., ...Set...]
+
+   Specific accessors used to query or modify data for the given object,
+   such as:
+
+   -  `virConnectGetType <html/libvirt-libvirt-host.html#virConnectGetType>`__
+   -  `virDomainGetMaxMemory <html/libvirt-libvirt-domain.html#virDomainGetMaxMemory>`__
+   -  `virDomainSetMemory <html/libvirt-libvirt-domain.html#virDomainSetMemory>`__
+   -  `virDomainGetVcpus <html/libvirt-libvirt-domain.html#virDomainGetVcpus>`__
+   -  `virStoragePoolSetAutostart <html/libvirt-libvirt-storage.html#virStoragePoolSetAutostart>`__
+   -  `virNetworkGetBridgeName <html/libvirt-libvirt-network.html#virNetworkGetBridgeName>`__
+
+-  **Creation** [...Create, ...CreateXML]
+
+   Used to create and start objects. The ...CreateXML APIs will create
+   the object based on an XML description, while the ...Create APIs will
+   create the object based on existing object pointer, such as:
+
+   -  `virDomainCreate <html/libvirt-libvirt-domain.html#virDomainCreate>`__
+   -  `virDomainCreateXML <html/libvirt-libvirt-domain.html#virDomainCreateXML>`__
+   -  `virNetworkCreate <html/libvirt-libvirt-network.html#virNetworkCreate>`__
+   -  `virNetworkCreateXML <html/libvirt-libvirt-network.html#virNetworkCreateXML>`__
+
+-  **Destruction** [...Destroy]
+
+   Used to shutdown or deactivate and destroy objects, such as:
+
+   -  `virDomainDestroy <html/libvirt-libvirt-domain.html#virDomainDestroy>`__
+   -  `virNetworkDestroy <html/libvirt-libvirt-network.html#virNetworkDestroy>`__
+   -  `virStoragePoolDestroy <html/libvirt-libvirt-storage.html#virStoragePoolDestroy>`__
+
+Note: functions returning vir*Ptr (like the virDomainLookup functions)
+allocate memory which needs to be freed by the caller by the
+corresponding vir*Free function (e.g. virDomainFree for a virDomainPtr
+object).
+
+For more in-depth details of the storage related APIs see `the storage
+management page <storage.html>`__.
+
+The libvirt Drivers
+-------------------
+
+Drivers are the basic building block for libvirt functionality to
+support the capability to handle specific hypervisor driver calls.
+Drivers are discovered and registered during connection processing as
+part of the
+`virInitialize <html/libvirt-libvirt-host.html#virInitialize>`__
+API. Each driver has a registration API which loads up the driver
+specific function references for the libvirt APIs to call. The following
+is a simplistic view of the hypervisor driver mechanism. Consider the
+stacked list of drivers as a series of modules that can be plugged into
+the architecture depending on how libvirt is configured to be built.
+
+|The libvirt driver architecture|
+
+The driver architecture is also used to support other virtualization
+components such as storage, storage pools, host device, networking,
+network interfaces, and network filters.
+
+See the `libvirt drivers <drivers.html>`__ page for more information on
+hypervisor and storage specific drivers.
+
+Not all drivers support every virtualization function possible. The
+`libvirt API support matrix <hvsupport.html>`__ lists the various
+functions and support found in each driver by the version support was
+added into libvirt.
+
+Daemon and Remote Access
+------------------------
+
+Access to libvirt drivers is primarily handled by the libvirtd daemon
+through the `remote <remote.html>`__ driver via an
+`RPC <internals/rpc.html>`__. Some hypervisors do support client-side
+connections and responses, such as Test, OpenVZ, VMware, VirtualBox
+(vbox), ESX, Hyper-V, Xen, and Virtuozzo. The libvirtd daemon service is
+started on the host at system boot time and can also be restarted at any
+time by a properly privileged user, such as root. The libvirtd daemon
+uses the same libvirt API
+`virInitialize <html/libvirt-libvirt-host.html#virInitialize>`__
+sequence as applications for client-side driver registrations, but then
+extends the registered driver list to encompass all known drivers
+supported for all driver types supported on the host.
+
+The libvirt client `applications <apps.html>`__ use a `URI <uri.html>`__
+to obtain the ``virConnectPtr``. The ``virConnectPtr`` keeps track of
+the driver connection plus a variety of other connections (network,
+interface, storage, etc.). The ``virConnectPtr`` is then used as a
+parameter to other virtualization `functions <#Functions>`__. Depending
+upon the driver being used, calls will be routed through the remote
+driver to the libvirtd daemon. The daemon will reference the connection
+specific driver in order to retrieve the requested information and then
+pass back status and/or data through the connection back to the
+application. The application can then decide what to do with that data,
+such as display, write log data, etc. `Migration <migration.html>`__ is
+an example of many facets of the architecture in use.
+
+|The libvirt daemon and remote architecture|
+
+The key takeaway from the above diagram is that there is a remote driver
+which handles transactions for a majority of the drivers. The libvirtd
+daemon running on the host will receive transaction requests from the
+remote driver and will then query the hypervisor driver as specified in
+the ``virConnectPtr`` in order to fetch the data. The data will then be
+returned through the remote driver to the client application for
+processing.
+
+If you are interested in contributing to libvirt, read the
+`FAQ <https://wiki.libvirt.org/page/FAQ>`__ and
+`hacking <hacking.html>`__ guidelines to gain an understanding of basic
+rules and guidelines. In order to add new API functionality follow the
+instructions regarding `implementing a new API in
+libvirt <api_extension.html>`__.
+
+.. |first class objects exposed by the API| image:: libvirt-object-model.png
+.. |The libvirt driver architecture| image:: libvirt-driver-arch.png
+.. |The libvirt daemon and remote architecture| image:: libvirt-daemon-arch.png
--- a/docs/api_extension.html.in
+++ b/docs/api_extension.html.in
@@ -1,370 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Implementing a new API in Libvirt</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      This document walks you through the process of implementing a new
-      API in libvirt.  Remember that new API consists of any new public
-      functions, as well as the addition of flags or extensions of XML used by
-      existing functions.
-    </p>
-
-    <p>
-      Before you begin coding, it is critical that you propose your
-      changes on the libvirt mailing list and get feedback on your ideas to
-      make sure what you're proposing fits with the general direction of the
-      project.  Even before doing a proof of concept implementation, send an
-      email giving an overview of the functionality you think should be
-      added to libvirt.  Someone may already be working on the feature you
-      want.  Also, recognize that everything you write is likely to undergo
-      significant rework as you discuss it with the other developers, so
-      don't wait too long before getting feedback.
-    </p>
-
-    <p>
-      Adding a new API to libvirt is not difficult, but there are quite a
-      few steps.  This document assumes that you are familiar with C
-      programming and have checked out the libvirt code from the source code
-      repository and successfully built the existing tree.  Instructions on
-      how to check out and build the code can be found at:
-    </p>
-
-    <p>
-      <a href="https://libvirt.org/downloads.html">https://libvirt.org/downloads.html</a>
-    </p>
-
-    <p>
-      Once you have a working development environment, the steps to create a
-      new API are:
-    </p>
-    <ol>
-      <li>define the public API</li>
-      <li>define the internal driver API</li>
-      <li>implement the public API</li>
-      <li>implement the remote protocol:
-        <ol>
-          <li>define the wire protocol format</li>
-          <li>implement the RPC client</li>
-          <li>implement the server side dispatcher</li>
-        </ol>
-      </li>
-      <li>use new API where appropriate in drivers</li>
-      <li>add virsh support</li>
-      <li>add common handling for new API</li>
-      <li>for each driver that can support the new API:
-        <ol>
-          <li>add prerequisite support</li>
-          <li>fully implement new API</li>
-        </ol>
-      </li>
-    </ol>
-
-    <p>
-      It is, of course, possible to implement the pieces in any order, but
-      if the development tasks are completed in the order listed, the code
-      will compile after each step.  Given the number of changes required,
-      verification after each step is highly recommended.
-    </p>
-
-    <p>
-      Submit new code in the form of one patch per step.  That's not to say
-      submit patches before you have working functionality--get the whole thing
-      working and make sure you're happy with it.  Then use git to break the
-      changes into pieces so you don't drop a big blob of code on the
-      mailing list in one go.  Also, you should follow the upstream tree, and
-      rebase your series to adapt your patches to work with any other changes
-      that were accepted upstream during your development.
-    </p>
-
-    <p>
-      Don't mix anything else into the patches you submit.  The patches
-      should be the minimal changes required to implement the functionality
-      you're adding.  If you notice a bug in unrelated code (i.e., code you
-      don't have to touch to implement your API change) during development,
-      create a patch that just addresses that bug and submit it
-      separately.
-    </p>
-
-    <h2><a id='publicapi'>Defining the public API</a></h2>
-
-    <p>The first task is to define the public API.  If the new API
-      involves an XML extension, you have to enhance the RelaxNG
-      schema and document the new elements or attributes:</p>
-
-    <p><code>
-        docs/schemas/domaincommon.rng<br/>
-        docs/formatdomain.html.in
-    </code></p>
-
-    <p>If the API extension involves a new function, you have to add a
-      declaration in the public header, and arrange to export the
-      function name (symbol) so other programs can link against the
-      libvirt library and call the new function:</p>
-
-    <p><code>
-        include/libvirt/libvirt-$MODULE.h.in
-        src/libvirt_public.syms
-    </code></p>
-
-    <p>
-      This task is in many ways the most important to get right, since once
-      the API has been committed to the repository, it's libvirt's policy
-      never to change it.  Mistakes in the implementation are bugs that you
-      can fix.  Make a mistake in the API definition and you're stuck with
-      it, so think carefully about the interface and don't be afraid to
-      rework it as you go through the process of implementing it.
-    </p>
-
-    <h2><a id='internalapi'>Defining the internal API</a></h2>
-
-    <p>
-      Each public API call is associated with a driver, such as a host
-      virtualization driver, a network virtualization driver, a storage
-      virtualization driver, a state driver, or a device monitor.  Adding
-      the internal API is ordinarily a matter of adding a new member to the
-      struct representing one of these drivers.
-    </p>
-
-    <p>
-      Of course, it's possible that the new API will involve the creation of
-      an entirely new driver type, in which case the changes will include the
-      creation of a new struct type to represent the new driver type.
-    </p>
-
-    <p>The driver structs are defined in:</p>
-
-    <p><code>src/driver-$MODULE.h</code></p>
-
-    <p>
-      To define the internal API, first typedef the driver function
-      prototype and then add a new field for it to the relevant driver
-      struct.  Then, update all existing instances of the driver to
-      provide a <code>NULL</code> stub for the new function.
-    </p>
-
-    <h2><a id='implpublic'>Implementing the public API</a></h2>
-
-    <p>
-      Implementing the public API is largely a formality in which we wire up
-      public API to the internal driver API.  The public API implementation
-      takes care of some basic validity checks before passing control to the
-      driver implementation.  In RFC 2119 vocabulary, this function:
-    </p>
-
-    <ol class="ordinarylist">
-      <li>SHOULD log a message with VIR_DEBUG() indicating that it is
-        being called and its parameters;</li>
-      <li>MUST call virResetLastError();</li>
-      <li>SHOULD confirm that the connection is valid with
-        virCheckConnectReturn() or virCheckConnectGoto();</li>
-      <li><strong>SECURITY: If the API requires a connection with write
-          privileges, MUST confirm that the connection flags do not
-          indicate that the connection is read-only with
-          virCheckReadOnlyGoto();</strong></li>
-      <li>SHOULD do basic validation of the parameters that are being
-        passed in, using helpers like virCheckNonNullArgGoto();</li>
-      <li>MUST confirm that the driver for this connection exists and that
-        it implements this function;</li>
-      <li>MUST call the internal API;</li>
-      <li>SHOULD log a message with VIR_DEBUG() indicating that it is
-        returning, its return value, and status.</li>
-      <li>MUST return status to the caller.</li>
-    </ol>
-
-    <p>The public API calls are implemented in:</p>
-
-    <p><code>src/libvirt-$MODULE.c</code></p>
-
-    <h2><a id='remoteproto'>Implementing the remote protocol</a></h2>
-
-    <p>
-      Implementing the remote protocol is essentially a
-      straightforward exercise which is probably most easily
-      understood by referring to the existing code.
-    </p>
-
-    <h3><a id='wireproto'>Defining the wire protocol format</a></h3>
-
-    <p>
-      Defining the wire protocol involves making additions to:
-    </p>
-
-    <p><code>src/remote/remote_protocol.x</code></p>
-
-    <p>
-      First, create two new structs for each new function that you're adding
-      to the API.  One struct describes the parameters to be passed to the
-      remote function, and a second struct describes the value returned by
-      the remote function.  The one exception to this rule is that functions
-      that return only 0 or -1 for status do not require a struct for returned
-      data.
-    </p>
-
-    <p>
-      Second, add values to the remote_procedure enum for each new function
-      added to the API.
-    </p>
-
-    <p>
-      Once these changes are in place, it's necessary to run 'make rpcgen'
-      in the src directory to create the .c and .h files required by the
-      remote protocol code. This must be done on a Linux host using the
-      GLibC rpcgen program. Other rpcgen versions may generate code which
-      results in bogus compile time warnings.  This regenerates the
-      following files:
-    </p>
-
-    <p><code>
-        src/remote/remote_daemon_dispatch_stubs.h
-        src/remote/remote_daemon_dispatch.h
-        src/remote/remote_daemon_dispatch.c
-        src/remote/remote_protocol.c
-        src/remote/remote_protocol.h
-    </code></p>
-
-    <h3><a id='rpcclient'>Implement the RPC client</a></h3>
-
-    <p>
-      Implementing the RPC client uses the rpcgen generated .h files.
-      The remote method calls go in:
-    </p>
-
-    <p><code>src/remote/remote_driver.c</code></p>
-
-    <p>Each remote method invocation does the following:</p>
-
-    <ol class="ordinarylist">
-      <li>locks the remote driver;</li>
-      <li>sets up the method arguments;</li>
-      <li>invokes the remote function;</li>
-      <li>checks the return value, if necessary;</li>
-      <li>extracts any returned data;</li>
-      <li>frees any returned data;</li>
-      <li>unlocks the remote driver.</li>
-    </ol>
-
-    <h3><a id="serverdispatch">Implement the server side dispatcher</a></h3>
-
-    <p>
-      Implementing the server side of the remote function call is simply a
-      matter of deserializing the parameters passed in from the remote
-      caller and passing them to the corresponding internal API function.
-      The server side dispatchers are implemented in:
-    </p>
-
-    <p><code>src/remote/remote_daemon_dispatch.c</code></p>
-
-    <p>Again, this step uses the .h files generated by make rpcgen.</p>
-
-    <p>
-      After all three pieces of the remote protocol are complete, and
-      the generated files have been updated, it will be necessary to
-      update the file:</p>
-
-    <p><code>src/remote_protocol-structs</code></p>
-
-    <p>
-      This file should only have new lines added; modifications to
-      existing lines probably imply a backwards-incompatible API change.
-    </p>
-
-    <h2><a id="internaluseapi">Use the new API internally</a></h2>
-
-    <p>
-      Sometimes, a new API serves as a superset of existing API, by
-      adding more granularity in what can be managed.  When this is
-      the case, it makes sense to share a common implementation by
-      making the older API become a trivial wrapper around the new
-      API, rather than duplicating the common code.  This step should
-      not introduce any semantic differences for the old API, and is
-      not necessary if the new API has no relation to existing API.
-    </p>
-
-    <h2><a id="virshuseapi">Expose the new API in virsh</a></h2>
-
-    <p>
-      All new API should be manageable from the virsh command line
-      shell.  This proves that the API is sufficient for the intended
-      purpose, and helps to identify whether the proposed API needs
-      slight changes for easier usage.  However, remember that virsh
-      is used to connect to hosts running older versions of libvirtd,
-      so new commands should have fallbacks to an older API if
-      possible; implementing the virsh hooks at this point makes it
-      very easy to test these fallbacks.  Also remember to document
-      virsh additions.
-    </p>
-
-    <p>
-      A virsh command is composed of a few pieces of code.  You need to
-      define an array of vshCmdInfo structs for each new command that
-      contain the help text and the command description text.  You also need
-      an array of vshCmdOptDef structs to describe the command options.
-      Once you have those pieces in place you can write the function
-      implementing the virsh command.  Finally, you need to add the new
-      command to the commands[] array.  The following files need changes:
-    </p>
-
-    <p><code>
-        tools/virsh-$MODULE.c<br/>
-        tools/virsh.pod
-    </code></p>
-
-    <h2><a id="driverimpl">Implement the driver methods</a></h2>
-
-    <p>
-      So, after all that, we get to the fun part.  All functionality in
-      libvirt is implemented inside a driver.  Thus, here is where you
-      implement whatever functionality you're adding to libvirt.  You'll
-      either need to add additional files to the src directory or extend
-      files that are already there, depending on what functionality you're
-      adding.
-    </p>
-
-    <h3><a id="commonimpl">Implement common handling</a></h3>
-
-    <p>
-      If the new API is applicable to more than one driver, it may
-      make sense to provide some utility routines, or to factor some
-      of the work into the dispatcher, to avoid reimplementing the
-      same code in every driver.  In the example code, this involved
-      adding a member to the virDomainDefPtr struct for mapping
-      between the XML API addition and the in-memory representation of
-      a domain, along with updating all clients to use the new member.
-      Up to this point, there have been no changes to existing
-      semantics, and the new APIs will fail unless they are used in
-      the same way as the older API wrappers.
-    </p>
-
-    <h3><a id="drivercode">Implement driver handling</a></h3>
-
-    <p>
-      The remaining patches should only touch one driver at a time.
-      It is possible to implement all changes for a driver in one
-      patch, but for review purposes it may still make sense to break
-      things into simpler steps.  Here is where the new APIs finally
-      start working.
-    </p>
-
-    <p>
-      It is always a good idea to patch the test driver in addition to the
-      target driver, to prove that the API can be used for more than one
-      driver.
-    </p>
-
-    <p>
-      Any cleanups resulting from the changes should be added as separate
-      patches at the end of the series.
-    </p>
-
-    <p>
-      Once you have working functionality, run ninja test on each patch
-      of the series before submitting patches. It may also be worth
-      writing tests for the libvirt-TCK testsuite to exercise your new API,
-      although those patches are not kept in the libvirt repository.
-    </p>
-  </body>
-</html>
--- a/docs/api_extension.rst
+++ b/docs/api_extension.rst
@@ -0,0 +1,291 @@
+=================================
+Implementing a new API in Libvirt
+=================================
+
+.. contents::
+
+This document walks you through the process of implementing a new API in
+libvirt. Remember that new API consists of any new public functions, as
+well as the addition of flags or extensions of XML used by existing
+functions.
+
+Before you begin coding, it is critical that you propose your changes on
+the libvirt mailing list and get feedback on your ideas to make sure
+what you're proposing fits with the general direction of the project.
+Even before doing a proof of concept implementation, send an email
+giving an overview of the functionality you think should be added to
+libvirt. Someone may already be working on the feature you want. Also,
+recognize that everything you write is likely to undergo significant
+rework as you discuss it with the other developers, so don't wait too
+long before getting feedback.
+
+Adding a new API to libvirt is not difficult, but there are quite a few
+steps. This document assumes that you are familiar with C programming
+and have checked out the libvirt code from the source code repository
+and successfully built the existing tree. Instructions on how to check
+out and build the code can be found at:
+
+https://libvirt.org/downloads.html
+
+Once you have a working development environment, the steps to create a
+new API are:
+
+#. define the public API
+#. define the internal driver API
+#. implement the public API
+#. implement the remote protocol:
+
+   #. define the wire protocol format
+   #. implement the RPC client
+   #. implement the server side dispatcher
+
+#. use new API where appropriate in drivers
+#. add virsh support
+#. add common handling for new API
+#. for each driver that can support the new API:
+
+   #. add prerequisite support
+   #. fully implement new API
+
+It is, of course, possible to implement the pieces in any order, but if
+the development tasks are completed in the order listed, the code will
+compile after each step. Given the number of changes required,
+verification after each step is highly recommended.
+
+Submit new code in the form of one patch per step. That's not to say
+submit patches before you have working functionality--get the whole
+thing working and make sure you're happy with it. Then use git to break
+the changes into pieces so you don't drop a big blob of code on the
+mailing list in one go. Also, you should follow the upstream tree, and
+rebase your series to adapt your patches to work with any other changes
+that were accepted upstream during your development.
+
+Don't mix anything else into the patches you submit. The patches should
+be the minimal changes required to implement the functionality you're
+adding. If you notice a bug in unrelated code (i.e., code you don't have
+to touch to implement your API change) during development, create a
+patch that just addresses that bug and submit it separately.
+
+Defining the public API
+-----------------------
+
+The first task is to define the public API. If the new API involves an
+XML extension, you have to enhance the RelaxNG schema and document the
+new elements or attributes:
+
+``docs/schemas/domaincommon.rng         docs/formatdomain.html.in``
+
+If the API extension involves a new function, you have to add a
+declaration in the public header, and arrange to export the function
+name (symbol) so other programs can link against the libvirt library and
+call the new function:
+
+``include/libvirt/libvirt-$MODULE.h.in         src/libvirt_public.syms``
+
+Please consult our `coding
+style <coding-style.html#xml-element-and-attribute-naming>`__ guide on
+elements and attribute names.
+
+This task is in many ways the most important to get right, since once
+the API has been committed to the repository, it's libvirt's policy
+never to change it. Mistakes in the implementation are bugs that you can
+fix. Make a mistake in the API definition and you're stuck with it, so
+think carefully about the interface and don't be afraid to rework it as
+you go through the process of implementing it.
+
+Defining the internal API
+-------------------------
+
+Each public API call is associated with a driver, such as a host
+virtualization driver, a network virtualization driver, a storage
+virtualization driver, a state driver, or a device monitor. Adding the
+internal API is ordinarily a matter of adding a new member to the struct
+representing one of these drivers.
+
+Of course, it's possible that the new API will involve the creation of
+an entirely new driver type, in which case the changes will include the
+creation of a new struct type to represent the new driver type.
+
+The driver structs are defined in:
+
+``src/driver-$MODULE.h``
+
+To define the internal API, first typedef the driver function prototype
+and then add a new field for it to the relevant driver struct. Then,
+update all existing instances of the driver to provide a ``NULL`` stub
+for the new function.
+
+Implementing the public API
+---------------------------
+
+Implementing the public API is largely a formality in which we wire up
+public API to the internal driver API. The public API implementation
+takes care of some basic validity checks before passing control to the
+driver implementation. In RFC 2119 vocabulary, this function:
+
+#. SHOULD log a message with VIR_DEBUG() indicating that it is being
+   called and its parameters;
+#. MUST call virResetLastError();
+#. SHOULD confirm that the connection is valid with
+   virCheckConnectReturn() or virCheckConnectGoto();
+#. **SECURITY: If the API requires a connection with write privileges,
+   MUST confirm that the connection flags do not indicate that the
+   connection is read-only with virCheckReadOnlyGoto();**
+#. SHOULD do basic validation of the parameters that are being passed
+   in, using helpers like virCheckNonNullArgGoto();
+#. MUST confirm that the driver for this connection exists and that it
+   implements this function;
+#. MUST call the internal API;
+#. SHOULD log a message with VIR_DEBUG() indicating that it is
+   returning, its return value, and status.
+#. MUST return status to the caller.
+
+The public API calls are implemented in:
+
+``src/libvirt-$MODULE.c``
+
+Implementing the remote protocol
+--------------------------------
+
+Implementing the remote protocol is essentially a straightforward
+exercise which is probably most easily understood by referring to the
+existing code.
+
+Defining the wire protocol format
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Defining the wire protocol involves making additions to:
+
+``src/remote/remote_protocol.x``
+
+First, create two new structs for each new function that you're adding
+to the API. One struct describes the parameters to be passed to the
+remote function, and a second struct describes the value returned by the
+remote function. The one exception to this rule is that functions that
+return only 0 or -1 for status do not require a struct for returned
+data.
+
+Second, add values to the remote_procedure enum for each new function
+added to the API.
+
+Once these changes are in place, it's necessary to run 'make rpcgen' in
+the src directory to create the .c and .h files required by the remote
+protocol code. This must be done on a Linux host using the GLibC rpcgen
+program. Other rpcgen versions may generate code which results in bogus
+compile time warnings. This regenerates the following files:
+
+``src/remote/remote_daemon_dispatch_stubs.h         src/remote/remote_daemon_dispatch.h         src/remote/remote_daemon_dispatch.c         src/remote/remote_protocol.c         src/remote/remote_protocol.h``
+
+Implement the RPC client
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+Implementing the RPC client uses the rpcgen generated .h files. The
+remote method calls go in:
+
+``src/remote/remote_driver.c``
+
+Each remote method invocation does the following:
+
+#. locks the remote driver;
+#. sets up the method arguments;
+#. invokes the remote function;
+#. checks the return value, if necessary;
+#. extracts any returned data;
+#. frees any returned data;
+#. unlocks the remote driver.
+
+Implement the server side dispatcher
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Implementing the server side of the remote function call is simply a
+matter of deserializing the parameters passed in from the remote caller
+and passing them to the corresponding internal API function. The server
+side dispatchers are implemented in:
+
+``src/remote/remote_daemon_dispatch.c``
+
+Again, this step uses the .h files generated by make rpcgen.
+
+After all three pieces of the remote protocol are complete, and the
+generated files have been updated, it will be necessary to update the
+file:
+
+``src/remote_protocol-structs``
+
+This file should only have new lines added; modifications to existing
+lines probably imply a backwards-incompatible API change.
+
+Use the new API internally
+--------------------------
+
+Sometimes, a new API serves as a superset of existing API, by adding
+more granularity in what can be managed. When this is the case, it makes
+sense to share a common implementation by making the older API become a
+trivial wrapper around the new API, rather than duplicating the common
+code. This step should not introduce any semantic differences for the
+old API, and is not necessary if the new API has no relation to existing
+API.
+
+Expose the new API in virsh
+---------------------------
+
+All new API should be manageable from the virsh command line shell. This
+proves that the API is sufficient for the intended purpose, and helps to
+identify whether the proposed API needs slight changes for easier usage.
+However, remember that virsh is used to connect to hosts running older
+versions of libvirtd, so new commands should have fallbacks to an older
+API if possible; implementing the virsh hooks at this point makes it
+very easy to test these fallbacks. Also remember to document virsh
+additions.
+
+A virsh command is composed of a few pieces of code. You need to define
+an array of vshCmdInfo structs for each new command that contain the
+help text and the command description text. You also need an array of
+vshCmdOptDef structs to describe the command options. Once you have
+those pieces in place you can write the function implementing the virsh
+command. Finally, you need to add the new command to the commands[]
+array. The following files need changes:
+
+``tools/virsh-$MODULE.c         tools/virsh.pod``
+
+Implement the driver methods
+----------------------------
+
+So, after all that, we get to the fun part. All functionality in libvirt
+is implemented inside a driver. Thus, here is where you implement
+whatever functionality you're adding to libvirt. You'll either need to
+add additional files to the src directory or extend files that are
+already there, depending on what functionality you're adding.
+
+Implement common handling
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If the new API is applicable to more than one driver, it may make sense
+to provide some utility routines, or to factor some of the work into the
+dispatcher, to avoid reimplementing the same code in every driver. In
+the example code, this involved adding a member to the virDomainDefPtr
+struct for mapping between the XML API addition and the in-memory
+representation of a domain, along with updating all clients to use the
+new member. Up to this point, there have been no changes to existing
+semantics, and the new APIs will fail unless they are used in the same
+way as the older API wrappers.
+
+Implement driver handling
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The remaining patches should only touch one driver at a time. It is
+possible to implement all changes for a driver in one patch, but for
+review purposes it may still make sense to break things into simpler
+steps. Here is where the new APIs finally start working.
+
+It is always a good idea to patch the test driver in addition to the
+target driver, to prove that the API can be used for more than one
+driver.
+
+Any cleanups resulting from the changes should be added as separate
+patches at the end of the series.
+
+Once you have working functionality, run ninja test on each patch of the
+series before submitting patches. It may also be worth writing tests for
+the libvirt-TCK testsuite to exercise your new API, although those
+patches are not kept in the libvirt repository.
--- a/docs/apps.html.in
+++ b/docs/apps.html.in
@@ -1,481 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Applications using libvirt</h1>
-
-    <p>
-      This page provides an illustration of the wide variety of
-      applications using the libvirt management API.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="add">Add an application</a></h2>
-
-    <p>
-      To add an application not listed on this page, send a message
-      to the <a href="contact.html">mailing list</a>, requesting it
-      be added here, or simply send a patch against the documentation
-      in the libvirt.git docs subdirectory.
-      If your application uses libvirt as its API,
-      the following graphics are available for your website to advertise
-      support for libvirt:
-    </p>
-
-    <p class="image">
-      <img src="logos/logo-square-powered-96.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-128.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-192.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-256.png" alt="libvirt powered"/>
-    </p>
-
-    <h2><a id="command">Command line tools</a></h2>
-
-    <dl>
-      <dt><a href="http://libguestfs.org">guestfish</a></dt>
-      <dd>
-        Guestfish is an interactive shell and command-line tool for examining
-        and modifying virtual machine filesystems.  It uses libvirt to find
-        guests and their associated disks.
-      </dd>
-      <dt>virsh</dt>
-      <dd>
-        An interactive shell, and batch scriptable tool for performing
-        management tasks on all libvirt managed domains, networks and
-        storage. This is part of the libvirt core distribution.
-      </dd>
-      <dt><a href="https://virt-manager.org/">virt-clone</a></dt>
-      <dd>
-        Allows the disk image(s) and configuration for an existing
-        virtual machine to be cloned to form a new virtual machine.
-        It automates copying of data across to new disk images, and
-        updates the UUID, MAC address, and name in the configuration.
-      </dd>
-      <dt><a href="https://people.redhat.com/rjones/virt-df/">virt-df</a></dt>
-      <dd>
-        Examine the utilization of each filesystem in a virtual machine
-        from the comfort of the host machine. This tool peeks into the
-        guest disks and determines how much space is used. It can cope
-        with common Linux filesystems and LVM volumes.
-      </dd>
-      <dt><a href="https://virt-manager.org/">virt-image</a></dt>
-      <dd>
-        Provides a way to deploy virtual appliances. It defines a
-        simplified portable XML format describing the pre-requisites
-        of a virtual machine. At time of deployment this is translated
-        into the domain XML format for execution under any libvirt
-        hypervisor meeting the pre-requisites.
-      </dd>
-      <dt><a href="https://virt-manager.org/">virt-install</a></dt>
-      <dd>
-        Provides a way to provision new virtual machines from a
-        OS distribution install tree. It supports provisioning from
-        local CD images, and the network over NFS, HTTP and FTP.
-      </dd>
-      <dt><a href="https://people.redhat.com/rjones/virt-top/">virt-top</a></dt>
-      <dd>
-        Watch the CPU, memory, network and disk utilization of all
-        virtual machines running on a host.
-      </dd>
-      <dt>
-        <a href="https://people.redhat.com/~rjones/virt-what/">virt-what</a>
-      </dt>
-      <dd>
-        virt-what is a shell script for detecting if the program is running
-        in a virtual machine.  It prints out a list of facts about the
-        virtual machine, derived from heuristics.
-      </dd>
-      <dt><a href="https://sourceware.org/systemtap/">stap</a></dt>
-      <dd>
-        SystemTap is a tool used to gather rich information about a running
-        system through the use of scripts. Starting from v2.4, the front-end
-        application stap can use libvirt to gather data within virtual
-        machines.
-      </dd>
-      <dt><a href="https://github.com/pradels/vagrant-libvirt/">vagrant-libvirt</a></dt>
-      <dd>
-        Vagrant-Libvirt is a Vagrant plugin that uses libvirt to manage virtual
-        machines. It is a command line tool for developers that makes it very
-        fast and easy to deploy and re-deploy an environment of vm's.
-      </dd>
-      <dt><a href="https://github.com/virt-lightning/virt-lightning">virt-lightning</a></dt>
-      <dd>
-        Virt-Lightning uses libvirt, cloud-init and libguestfs to allow anyone
-        to quickly start a new VM. Very much like a container CLI, but with a
-        virtual machine.
-      </dd>
-    </dl>
-
-    <h2><a id="configmgmt">Configuration Management</a></h2>
-
-    <dl>
-      <dt><a href="https://wiki.lcfg.org/bin/view/LCFG/LcfgLibvirt">LCFG</a></dt>
-      <dd>
-        LCFG is a system for automatically installing and managing the
-        configuration of large numbers of Unix systems.  It is particularly
-        suitable for sites with very diverse and rapidly changing
-        configurations.
-      </dd>
-      <dd>
-        The lcfg-libvirt package adds support for virtualized systems to
-        LCFG, with both Xen and KVM known to work.  Cloning guests is
-        supported, as are the bridged, routed, and isolated modes for
-        Virtual Networking.
-      </dd>
-    </dl>
-
-    <h2><a id="continuousintegration">Continuous Integration</a></h2>
-
-    <dl>
-      <dt><a href="http://docs.buildbot.net/latest/manual/configuration/workers-libvirt.html">BuildBot</a></dt>
-      <dd>
-        BuildBot is a system to automate the compile/test cycle required
-        by most software projects.  CVS commits trigger new builds, run on
-        a variety of client machines.  Build status (pass/fail/etc) are
-        displayed on a web page or through other protocols.
-      </dd>
-    </dl>
-
-    <dl>
-      <dt><a href="https://plugins.jenkins.io/libvirt-slave/">Jenkins</a></dt>
-      <dd>
-        This plugin for Jenkins adds a way to control guest domains hosted
-        on Xen or QEMU/KVM.  You configure a Jenkins Agent,
-        selecting the guest domain and hypervisor.  When you need to build a
-        job on a specific Agent, its guest domain is started, then the job is
-        run.  When the build process is finished, the guest domain is shut
-        down, ready to be used again as required.
-      </dd>
-    </dl>
-
-    <h2><a id="conversion">Conversion</a></h2>
-
-    <dl>
-      <dt><a href="http://libguestfs.org/virt-p2v.1.html">virt-p2v</a></dt>
-      <dd>
-        Convert a physical machine to run on KVM.  It is a LiveCD
-        which is booted on the machine to be converted.  It collects a
-        little information from the user, then copies the disks over
-        to a remote machine and defines the XML for a domain to run
-        the guest.  (Note this tool is included with libguestfs)
-      </dd>
-      <dt><a href="http://libguestfs.org/virt-v2v.1.html">virt-v2v</a></dt>
-      <dd>
-        virt-v2v converts guests from a foreign hypervisor to run on
-        KVM, managed by libvirt.  It can convert guests from VMware or
-        Xen to run on OpenStack, oVirt (RHEV-M), or local libvirt.  It
-        will enable VirtIO drivers in the converted guest if possible.
-        (Note this tool is included with libguestfs)
-      </dd>
-      <dd>
-        For RHEL customers of Red Hat, conversion of Windows guests is also
-        possible.  This conversion requires some Microsoft signed pieces,
-        that Red Hat can provide.
-      </dd>
-      <dt><a href="https://launchpad.net/virt-goodies">vmware2libvirt</a></dt>
-      <dd>
-        Part of the <i>virt-goodies</i> package, vmware2libvirt is a python
-        script for migrating a vmware image to libvirt.
-      </dd>
-    </dl>
-
-    <h2><a id="desktop">Desktop applications</a></h2>
-
-    <dl>
-      <dt><a href="https://virt-manager.org/">virt-manager</a></dt>
-      <dd>
-        A general purpose desktop management tool, able to manage
-        virtual machines across both local and remotely accessed
-        hypervisors. It is targeted at home and small office usage
-        up to managing 10-20 hosts and their VMs.
-      </dd>
-      <dt><a href="https://virt-manager.org/">virt-viewer</a></dt>
-      <dd>
-        A lightweight tool for accessing the graphical console
-        associated with a virtual machine. It can securely connect
-        to remote consoles supporting the VNC protocol. Also provides
-        an optional mozilla browser plugin.
-      </dd>
-      <dt><a href="https://f1ash.github.io/qt-virt-manager">qt-virt-manager</a></dt>
-      <dd>
-        The Qt GUI for create and control VMs and another virtual entities
-        (aka networks, storages, interfaces, secrets, network filters).
-        Contains integrated LXC/SPICE/VNC viewer for accessing the graphical or
-        text console associated with a virtual machine or container.
-      </dd>
-      <dt><a href="https://f1ash.github.io/qt-virt-manager/#virtual-machines-viewer">qt-remote-viewer</a></dt>
-      <dd>
-        The Qt VNC/SPICE viewer for access to remote desktops or VMs.
-      </dd>
-    </dl>
-
-    <h2><a id="iaas">Infrastructure as a Service (IaaS)</a></h2>
-
-    <dl>
-      <dt><a href="http://cc1.ifj.edu.pl">Cracow Cloud One</a></dt>
-      <dd>The CC1 system provides a complete solution for Private
-        Cloud Computing. An intuitive web access interface with an
-        administration module and simple installation procedure make
-        it easy to benefit from private Cloud Computing technology.
-      </dd>
-
-      <dt><a href="https://github.com/eucalyptus/eucalyptus">Eucalyptus</a></dt>
-      <dd>
-        Eucalyptus is an on-premise Infrastructure as a Service cloud
-        software platform that is open source and
-        AWS-compatible. Eucalyptus uses libvirt virtualization API to
-        directly interact with Xen and KVM hypervisors.
-      </dd>
-
-      <dt><a href="http://www.nimbusproject.org">Nimbus</a></dt>
-      <dd>
-        Nimbus is an open-source toolkit focused on providing
-        Infrastructure-as-a-Service (IaaS) capabilities to the scientific
-        community.  It uses libvirt for communication with all KVM and Xen
-        virtual machines.
-      </dd>
-
-      <dt><a href="http://snooze.inria.fr">Snooze</a></dt>
-      <dd>
-        Snooze is an open-source scalable, autonomic, and energy-efficient
-        virtual machine (VM) management framework for private clouds. It
-        integrates libvirt for VM monitoring, live migration, and life-cycle
-        management.
-      </dd>
-
-      <dt><a href="https://www.openstack.org">OpenStack</a></dt>
-      <dd>
-        OpenStack is a "cloud operating system" usable for both public
-        and private clouds.  Its various parts take care of compute,
-        storage and networking resources and interface with the user
-        using a dashboard.  Compute part uses libvirt to manage VM
-        life-cycle, monitoring and so on.
-      </dd>
-
-      <dt><a href="https://github.com/gustavfranssonnyvell/cherrypop">Cherrypop</a></dt>
-      <dd>
-        A cloud software with no masters or central points. Nodes
-        autodetect other nodes and autodistribute virtual
-        machines and autodivide up the workload. Also there is no
-        minimum limit for hosts, well, one might be nice. It's
-        perfect for setting up low-end servers in a cloud or a
-        cloud where you want the most bang for the bucks.
-      </dd>
-
-      <dt><a href="http://en.zstack.io/">ZStack</a></dt>
-      <dd>
-        ZStack is an open source IaaS software that aims to automate the
-        management of all resources (compute, storage, networking, etc.) in a
-        datacenter by using APIs, thus conforming to the principles of a
-        software-defined datacenter. The key strengths of ZStack in terms of
-        management are scalability, performance, and a fast, user-friendly
-        deployment.
-      </dd>
-    </dl>
-
-    <h2><a id="libraries">Libraries</a></h2>
-
-    <dl>
-      <dt><a href="http://libguestfs.org">libguestfs</a></dt>
-      <dd>
-        A library and set of tools for accessing and modifying virtual
-        machine disk images.  It can be linked with C and C++ management
-        programs, and has bindings for Perl, Python, Ruby, Java, OCaml,
-        PHP, Haskell, and C#.
-      </dd>
-      <dd>
-        Using its FUSE module, you can also mount guest filesystems on the
-        host, and there is a subproject to allow merging changes into the
-        Windows Registry in Windows guests.
-      </dd>
-
-      <dt><a href="https://sandbox.libvirt.org">libvirt-sandbox</a></dt>
-      <dd>
-        A library and command line tools for simplifying the creation of
-        application sandboxes using virtualization technology. It currently
-        supports either KVM, QEMU or LXC as backends. Integration with
-        systemd facilitates sandboxing of system services like apache.
-      </dd>
-      <dt><a href="https://github.com/ohadlevy/virt#readme">Ruby
-          Libvirt Object bindings</a></dt>
-      <dd>
-        Allows using simple ruby objects to manipulate
-        hypervisors, guests, storage, network etc.  It is
-        based on top of
-        the <a href="https://libvirt.org/ruby">native ruby bindings</a>.
-      </dd>
-    </dl>
-
-    <h2><a id="livecd">LiveCD / Appliances</a></h2>
-
-    <dl>
-      <dt><a href="http://libguestfs.org/virt-v2v/">virt-p2v</a></dt>
-      <dd>
-        An older tool for converting a physical machine into a virtual
-        machine.  It is a LiveCD which is booted on the machine to be
-        converted.  It collects a little information from the user, then
-        copies the disks over to a remote machine and defines the XML for a
-        domain to run the guest.
-      </dd>
-    </dl>
-
-    <h2><a id="monitoring">Monitoring</a></h2>
-    <dl>
-      <dt><a href="https://collectd.org/plugins/libvirt.shtml">collectd</a></dt>
-      <dd>
-        The libvirt-plugin is part of <a href="http://collectd.org/">collectd</a>
-        and gathers statistics about virtualized guests on a system. This
-        way, you can collect CPU, network interface and block device usage
-        for each guest without installing collectd on the guest systems.
-        For a full description, please refer to the libvirt section in the
-        collectd.conf(5) manual page.
-      </dd>
-      <dt><a href="http://www.sflow.net/">Host sFlow</a></dt>
-      <dd>
-        Host sFlow is a lightweight agent running on KVM hypervisors that
-        links to libvirt library and exports standardized cpu, memory, network
-        and disk metrics for all virtual machines.
-      </dd>
-      <dt><a href="https://honk.sigxcpu.org/projects/libvirt/#munin">Munin</a></dt>
-      <dd>
-        The plugins provided by Guido Günther allow to monitor various things
-        like network and block I/O with
-        <a href="http://munin.projects.linpro.no/">Munin</a>.
-      </dd>
-      <dt><a href="http://people.redhat.com/rjones/nagios-virt/">Nagios-virt</a></dt>
-      <dd>
-        Nagios-virt is a configuration tool to add monitoring of your
-        virtualised domains to <a href="http://www.nagios.org/">Nagios</a>.
-        You can use this tool to either set up a new Nagios installation for
-        your Xen or QEMU/KVM guests, or to integrate with your existing Nagios
-        installation.
-      </dd>
-      <dt><a href="http://www.pcp.io/man/man1/pmdalibvirt.1.html">PCP</a></dt>
-      <dd>
-        The PCP libvirt PMDA (plugin) is part of the
-        <a href="http://pcp.io/">PCP</a> toolkit and provides
-        hypervisor and guest information and complete set of guest performance
-        metrics. It supports pCPU, vCPU, memory, block device, network interface,
-        and performance event metrics for each virtual guest.
-      </dd>
-    </dl>
-
-    <h2><a id="provisioning">Provisioning</a></h2>
-
-    <dl>
-      <dt><a href="https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli+Provisioning+Manager">Tivoli Provisioning Manager</a></dt>
-      <dd>
-        Part of the IBM Tivoli family, Tivoli Provisioning Manager (TPM) is
-        an IT lifecycle automation product.  It
-        <a href="http://publib.boulder.ibm.com/infocenter/tivihelp/v38r1/index.jsp?topic=/com.ibm.tivoli.tpm.apk.doc/libvirt_package.html">uses libvirt</a>
-        for communication with virtualization hosts and guest domains.
-      </dd>
-    </dl>
-
-    <dl>
-      <dt><a href="https://theforeman.org">Foreman</a></dt>
-      <dd>
-      Foreman is an open source web based application aimed to be a
-      Single Address For All Machines Life Cycle Management. Foreman:
-
-      <ul>
-          <li>Creates everything you need when adding a new machine to
-          your network, its goal being automatically managing
-          everything you would normally manage manually (DNS, DHCP,
-          TFTP, Virtual Machines,CA, CMDB...)</li>
-          <li>Integrates with Puppet (and acts as web front end to it).</li>
-          <li>Takes care of provisioning until the point puppet is
-          running, allowing Puppet to do what it does best.</li>
-          <li>Shows you Systems Inventory (based on Facter) and
-          provides real time information about hosts status based on
-          Puppet reports.</li>
-      </ul>
-      </dd>
-    </dl>
-
-
-    <h2><a id="web">Web applications</a></h2>
-
-    <dl>
-      <dt><a href="http://www.abiquo.com/">AbiCloud</a></dt>
-      <dd>
-        AbiCloud is an open source cloud platform manager which allows to
-        easily deploy a private cloud in your datacenter. One of the key
-        differences of AbiCloud is the web rich interface for managing the
-        infrastructure. You can deploy a new service just dragging and
-        dropping a VM.
-      </dd>
-      <dt><a href="https://kimchi-project.github.io/kimchi/">Kimchi</a></dt>
-      <dd>
-        Kimchi is an HTML5 based management tool for KVM. It is designed to
-        make it as easy as possible to get started with KVM and create your first guest.
-
-        Kimchi manages KVM guests through libvirt. The management interface is accessed
-        over the web using a browser that supports HTML5.
-      </dd>
-      <dt><a href="https://ovirt.org/">oVirt</a></dt>
-      <dd>
-        oVirt provides the ability to manage large numbers of virtual
-        machines across an entire data center of hosts. It integrates
-        with FreeIPA for Kerberos authentication, and in the future,
-        certificate management.
-      </dd>
-      <dt><a href="https://ispsystem.com/en/software/vmmanager">VMmanager</a></dt>
-      <dd>
-        VMmanager is a software solution for virtualization management
-        that can be used both for hosting virtual machines and
-        building a cloud.  VMmanager can manage not only one server,
-        but a large cluster of hypervisors.  It delivers a number of
-        functions, such as live migration that allows for load
-        balancing between cluster nodes, monitoring CPU, memory.
-      </dd>
-      <dt><a href="https://mist.io/">mist.io</a></dt>
-      <dd>
-        Mist.io is an open source project and a service that can assist you in
-        managing your virtual machines on a unified way, providing a simple
-        interface for all of your infrastructure (multiple public cloud
-        providers, OpenStack based public/private clouds, Docker servers, bare
-        metal servers and now KVM hypervisors).
-      </dd>
-      <dt><a href="https://ravada.upc.edu/">Ravada</a></dt>
-      <dd>
-        Ravada is an open source tool for managing Virtual Desktop
-        Infrastructure (VDI). It is very easy to install and use. Following
-        the documentation, you'll be ready to deploy virtual machines in
-        minutes. The only requirements for the users are a Web browser and
-        a lightweight remote viewer.
-      </dd>
-      <dt><a href="https://github.com/cutelyst/Virtlyst">Virtlyst</a></dt>
-      <dd>
-        Virtlyst is an open source web application built with C++11, Cutelyst and Qt.
-        It features:
-        <ul>
-          <li>Low memory usage (around 5 MiB of RAM)</li>
-          <li>Look and feel easily customized with HTML templates that use the Django syntax</li>
-          <li>VNC/Spice console directly in the browser using websockets on the same HTTP port</li>
-          <li>Host and Domain statistics graphs (CPU, Memory, IO, Network)</li>
-          <li>Connect to multiple libvirtd instances (over local Unix domain socket, SSH, TCP and TLS)</li>
-          <li>Manage Storage Pools, Storage Volumes, Networks, Interfaces, and Secrets</li>
-          <li>Create and launch VMs</li>
-          <li>Configure VMs with easy panels or go pro and edit the VM's XML</li>
-        </ul>
-      </dd>
-    </dl>
-
-    <h2><a id="other">Other</a></h2>
-
-    <dl>
-      <dt><a href="https://cuckoosandbox.org/">Cuckoo Sandbox</a></dt>
-      <dd>
-        Cuckoo Sandbox is a malware analysis system.  You can throw
-        any suspicious file at it and in a matter of seconds Cuckoo
-        will provide you back some detailed results outlining what
-        such file did when executed inside an isolated environment.
-        And libvirt is one of the backends that can be used for the
-        isolated environment.
-      </dd>
-    </dl>
-
-  </body>
-</html>
--- a/docs/apps.rst
+++ b/docs/apps.rst
@@ -0,0 +1,348 @@
+==========================
+Applications using libvirt
+==========================
+
+This page provides an illustration of the wide variety of applications
+using the libvirt management API.
+
+.. contents::
+
+Add an application
+------------------
+
+To add an application not listed on this page, send a message to the
+`mailing list <contact.html>`__, requesting it be added here, or simply
+send a patch against the documentation in the libvirt.git docs
+subdirectory. If your application uses libvirt as its API, the following
+graphics are available for your website to advertise support for
+libvirt:
+
+|libvirt powered 96| |libvirt powered 128| |libvirt powered 192| |libvirt powered 256|
+
+Command line tools
+------------------
+
+`guestfish <https://libguestfs.org>`__
+   Guestfish is an interactive shell and command-line tool for examining
+   and modifying virtual machine filesystems. It uses libvirt to find
+   guests and their associated disks.
+virsh
+   An interactive shell, and batch scriptable tool for performing
+   management tasks on all libvirt managed domains, networks and
+   storage. This is part of the libvirt core distribution.
+`virt-clone <https://virt-manager.org/>`__
+   Allows the disk image(s) and configuration for an existing virtual
+   machine to be cloned to form a new virtual machine. It automates
+   copying of data across to new disk images, and updates the UUID, MAC
+   address, and name in the configuration.
+`virt-df <https://people.redhat.com/rjones/virt-df/>`__
+   Examine the utilization of each filesystem in a virtual machine from
+   the comfort of the host machine. This tool peeks into the guest disks
+   and determines how much space is used. It can cope with common Linux
+   filesystems and LVM volumes.
+`virt-image <https://virt-manager.org/>`__
+   Provides a way to deploy virtual appliances. It defines a simplified
+   portable XML format describing the pre-requisites of a virtual
+   machine. At time of deployment this is translated into the domain XML
+   format for execution under any libvirt hypervisor meeting the
+   pre-requisites.
+`virt-install <https://virt-manager.org/>`__
+   Provides a way to provision new virtual machines from a OS
+   distribution install tree. It supports provisioning from local CD
+   images, and the network over NFS, HTTP and FTP.
+`virt-top <https://people.redhat.com/rjones/virt-top/>`__
+   Watch the CPU, memory, network and disk utilization of all virtual
+   machines running on a host.
+`virt-what <https://people.redhat.com/~rjones/virt-what/>`__
+   virt-what is a shell script for detecting if the program is running
+   in a virtual machine. It prints out a list of facts about the virtual
+   machine, derived from heuristics.
+`stap <https://sourceware.org/systemtap/>`__
+   SystemTap is a tool used to gather rich information about a running
+   system through the use of scripts. Starting from v2.4, the front-end
+   application stap can use libvirt to gather data within virtual
+   machines.
+`vagrant-libvirt <https://github.com/pradels/vagrant-libvirt/>`__
+   Vagrant-Libvirt is a Vagrant plugin that uses libvirt to manage
+   virtual machines. It is a command line tool for developers that makes
+   it very fast and easy to deploy and re-deploy an environment of vm's.
+`virt-lightning <https://github.com/virt-lightning/virt-lightning>`__
+   Virt-Lightning uses libvirt, cloud-init and libguestfs to allow
+   anyone to quickly start a new VM. Very much like a container CLI, but
+   with a virtual machine.
+
+Configuration Management
+------------------------
+
+`LCFG <https://wiki.lcfg.org/bin/view/LCFG/LcfgLibvirt>`__
+   LCFG is a system for automatically installing and managing the
+   configuration of large numbers of Unix systems. It is particularly
+   suitable for sites with very diverse and rapidly changing
+   configurations.
+   The lcfg-libvirt package adds support for virtualized systems to
+   LCFG, with both Xen and KVM known to work. Cloning guests is
+   supported, as are the bridged, routed, and isolated modes for Virtual
+   Networking.
+
+Continuous Integration
+----------------------
+
+`BuildBot <https://docs.buildbot.net/latest/manual/configuration/workers-libvirt.html>`__
+   BuildBot is a system to automate the compile/test cycle required by
+   most software projects. CVS commits trigger new builds, run on a
+   variety of client machines. Build status (pass/fail/etc) are
+   displayed on a web page or through other protocols.
+
+`Jenkins <https://plugins.jenkins.io/libvirt-slave/>`__
+   This plugin for Jenkins adds a way to control guest domains hosted on
+   Xen or QEMU/KVM. You configure a Jenkins Agent, selecting the guest
+   domain and hypervisor. When you need to build a job on a specific
+   Agent, its guest domain is started, then the job is run. When the
+   build process is finished, the guest domain is shut down, ready to be
+   used again as required.
+
+Conversion
+----------
+
+`virt-p2v <https://libguestfs.org/virt-p2v.1.html>`__
+   Convert a physical machine to run on KVM. It is a LiveCD which is
+   booted on the machine to be converted. It collects a little
+   information from the user, then copies the disks over to a remote
+   machine and defines the XML for a domain to run the guest. (Note this
+   tool is included with libguestfs)
+`virt-v2v <https://libguestfs.org/virt-v2v.1.html>`__
+   virt-v2v converts guests from a foreign hypervisor to run on KVM,
+   managed by libvirt. It can convert guests from VMware or Xen to run
+   on OpenStack, oVirt (RHEV-M), or local libvirt. It will enable VirtIO
+   drivers in the converted guest if possible. (Note this tool is
+   included with libguestfs)
+   For RHEL customers of Red Hat, conversion of Windows guests is also
+   possible. This conversion requires some Microsoft signed pieces, that
+   Red Hat can provide.
+`vmware2libvirt <https://launchpad.net/virt-goodies>`__
+   Part of the *virt-goodies* package, vmware2libvirt is a python script
+   for migrating a vmware image to libvirt.
+
+Desktop applications
+--------------------
+
+`virt-manager <https://virt-manager.org/>`__
+   A general purpose desktop management tool, able to manage virtual
+   machines across both local and remotely accessed hypervisors. It is
+   targeted at home and small office usage up to managing 10-20 hosts
+   and their VMs.
+`virt-viewer <https://virt-manager.org/>`__
+   A lightweight tool for accessing the graphical console associated
+   with a virtual machine. It can securely connect to remote consoles
+   supporting the VNC protocol. Also provides an optional mozilla
+   browser plugin.
+`qt-virt-manager <https://f1ash.github.io/qt-virt-manager>`__
+   The Qt GUI for create and control VMs and another virtual entities
+   (aka networks, storages, interfaces, secrets, network filters).
+   Contains integrated LXC/SPICE/VNC viewer for accessing the graphical
+   or text console associated with a virtual machine or container.
+`qt-remote-viewer <https://f1ash.github.io/qt-virt-manager/#virtual-machines-viewer>`__
+   The Qt VNC/SPICE viewer for access to remote desktops or VMs.
+
+Infrastructure as a Service (IaaS)
+----------------------------------
+
+`Cracow Cloud One <http://cc1.ifj.edu.pl>`__
+   The CC1 system provides a complete solution for Private Cloud
+   Computing. An intuitive web access interface with an administration
+   module and simple installation procedure make it easy to benefit from
+   private Cloud Computing technology.
+`Eucalyptus <https://github.com/eucalyptus/eucalyptus>`__
+   Eucalyptus is an on-premise Infrastructure as a Service cloud
+   software platform that is open source and AWS-compatible. Eucalyptus
+   uses libvirt virtualization API to directly interact with Xen and KVM
+   hypervisors.
+`Nimbus <http://www.nimbusproject.org>`__
+   Nimbus is an open-source toolkit focused on providing
+   Infrastructure-as-a-Service (IaaS) capabilities to the scientific
+   community. It uses libvirt for communication with all KVM and Xen
+   virtual machines.
+`Snooze <http://snooze.inria.fr>`__
+   Snooze is an open-source scalable, autonomic, and energy-efficient
+   virtual machine (VM) management framework for private clouds. It
+   integrates libvirt for VM monitoring, live migration, and life-cycle
+   management.
+`OpenStack <https://www.openstack.org>`__
+   OpenStack is a "cloud operating system" usable for both public and
+   private clouds. Its various parts take care of compute, storage and
+   networking resources and interface with the user using a dashboard.
+   Compute part uses libvirt to manage VM life-cycle, monitoring and so
+   on.
+`KubeVirt <https://kubevirt.io/>`__
+   KubeVirt is a virtual machine management add-on for Kubernetes. The
+   aim is to provide a common ground for virtualization solutions on top
+   of Kubernetes.
+`Cherrypop <https://github.com/gustavfranssonnyvell/cherrypop>`__
+   A cloud software with no masters or central points. Nodes autodetect
+   other nodes and autodistribute virtual machines and autodivide up the
+   workload. Also there is no minimum limit for hosts, well, one might
+   be nice. It's perfect for setting up low-end servers in a cloud or a
+   cloud where you want the most bang for the bucks.
+`ZStack <https://en.zstack.io/>`__
+   ZStack is an open source IaaS software that aims to automate the
+   management of all resources (compute, storage, networking, etc.) in a
+   datacenter by using APIs, thus conforming to the principles of a
+   software-defined datacenter. The key strengths of ZStack in terms of
+   management are scalability, performance, and a fast, user-friendly
+   deployment.
+
+Libraries
+---------
+
+`libguestfs <https://libguestfs.org>`__
+   A library and set of tools for accessing and modifying virtual
+   machine disk images. It can be linked with C and C++ management
+   programs, and has bindings for Perl, Python, Ruby, Java, OCaml, PHP,
+   Haskell, and C#.
+   Using its FUSE module, you can also mount guest filesystems on the
+   host, and there is a subproject to allow merging changes into the
+   Windows Registry in Windows guests.
+`libvirt-sandbox <https://sandbox.libvirt.org>`__
+   A library and command line tools for simplifying the creation of
+   application sandboxes using virtualization technology. It currently
+   supports either KVM, QEMU or LXC as backends. Integration with
+   systemd facilitates sandboxing of system services like apache.
+`Ruby Libvirt Object bindings <https://github.com/ohadlevy/virt#readme>`__
+   Allows using simple ruby objects to manipulate hypervisors, guests,
+   storage, network etc. It is based on top of the `native ruby
+   bindings <https://libvirt.org/ruby>`__.
+
+LiveCD / Appliances
+-------------------
+
+`virt-p2v <https://libguestfs.org/virt-v2v/>`__
+   An older tool for converting a physical machine into a virtual
+   machine. It is a LiveCD which is booted on the machine to be
+   converted. It collects a little information from the user, then
+   copies the disks over to a remote machine and defines the XML for a
+   domain to run the guest.
+
+Monitoring
+----------
+
+`collectd <https://collectd.org/plugins/libvirt.shtml>`__
+   The libvirt-plugin is part of `collectd <https://collectd.org/>`__
+   and gathers statistics about virtualized guests on a system. This
+   way, you can collect CPU, network interface and block device usage
+   for each guest without installing collectd on the guest systems. For
+   a full description, please refer to the libvirt section in the
+   collectd.conf(5) manual page.
+`Host sFlow <https://www.sflow.net/>`__
+   Host sFlow is a lightweight agent running on KVM hypervisors that
+   links to libvirt library and exports standardized cpu, memory,
+   network and disk metrics for all virtual machines.
+`Munin <https://honk.sigxcpu.org/projects/libvirt/#munin>`__
+   The plugins provided by Guido Günther allow to monitor various things
+   like network and block I/O with
+   `Munin <http://munin.projects.linpro.no/>`__.
+`Nagios-virt <https://people.redhat.com/rjones/nagios-virt/>`__
+   Nagios-virt is a configuration tool to add monitoring of your
+   virtualised domains to `Nagios <https://www.nagios.org/>`__. You can
+   use this tool to either set up a new Nagios installation for your Xen
+   or QEMU/KVM guests, or to integrate with your existing Nagios
+   installation.
+`PCP <https://pcp.io/man/man1/pmdalibvirt.1.html>`__
+   The PCP libvirt PMDA (plugin) is part of the
+   `PCP <https://pcp.io/>`__ toolkit and provides hypervisor and guest
+   information and complete set of guest performance metrics. It
+   supports pCPU, vCPU, memory, block device, network interface, and
+   performance event metrics for each virtual guest.
+
+Provisioning
+------------
+
+`Tivoli Provisioning Manager <https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli+Provisioning+Manager>`__
+   Part of the IBM Tivoli family, Tivoli Provisioning Manager (TPM) is
+   an IT lifecycle automation product. It `uses
+   libvirt <http://publib.boulder.ibm.com/infocenter/tivihelp/v38r1/index.jsp?topic=/com.ibm.tivoli.tpm.apk.doc/libvirt_package.html>`__
+   for communication with virtualization hosts and guest domains.
+
+`Foreman <https://theforeman.org>`__
+   Foreman is an open source web based application aimed to be a Single
+   Address For All Machines Life Cycle Management. Foreman:
+
+   -  Creates everything you need when adding a new machine to your
+      network, its goal being automatically managing everything you
+      would normally manage manually (DNS, DHCP, TFTP, Virtual
+      Machines,CA, CMDB...)
+   -  Integrates with Puppet (and acts as web front end to it).
+   -  Takes care of provisioning until the point puppet is running,
+      allowing Puppet to do what it does best.
+   -  Shows you Systems Inventory (based on Facter) and provides real
+      time information about hosts status based on Puppet reports.
+
+Web applications
+----------------
+
+`AbiCloud <https://www.abiquo.com/>`__
+   AbiCloud is an open source cloud platform manager which allows to
+   easily deploy a private cloud in your datacenter. One of the key
+   differences of AbiCloud is the web rich interface for managing the
+   infrastructure. You can deploy a new service just dragging and
+   dropping a VM.
+`Kimchi <https://kimchi-project.github.io/kimchi/>`__
+   Kimchi is an HTML5 based management tool for KVM. It is designed to
+   make it as easy as possible to get started with KVM and create your
+   first guest. Kimchi manages KVM guests through libvirt. The
+   management interface is accessed over the web using a browser that
+   supports HTML5.
+`oVirt <https://ovirt.org/>`__
+   oVirt provides the ability to manage large numbers of virtual
+   machines across an entire data center of hosts. It integrates with
+   FreeIPA for Kerberos authentication, and in the future, certificate
+   management.
+`VMmanager <https://ispsystem.com/en/software/vmmanager>`__
+   VMmanager is a software solution for virtualization management that
+   can be used both for hosting virtual machines and building a cloud.
+   VMmanager can manage not only one server, but a large cluster of
+   hypervisors. It delivers a number of functions, such as live
+   migration that allows for load balancing between cluster nodes,
+   monitoring CPU, memory.
+`mist.io <https://mist.io/>`__
+   Mist.io is an open source project and a service that can assist you
+   in managing your virtual machines on a unified way, providing a
+   simple interface for all of your infrastructure (multiple public
+   cloud providers, OpenStack based public/private clouds, Docker
+   servers, bare metal servers and now KVM hypervisors).
+`Ravada <https://ravada.upc.edu/>`__
+   Ravada is an open source tool for managing Virtual Desktop
+   Infrastructure (VDI). It is very easy to install and use. Following
+   the documentation, you'll be ready to deploy virtual machines in
+   minutes. The only requirements for the users are a Web browser and a
+   lightweight remote viewer.
+`Virtlyst <https://github.com/cutelyst/Virtlyst>`__
+   Virtlyst is an open source web application built with C++11, Cutelyst
+   and Qt. It features:
+
+   -  Low memory usage (around 5 MiB of RAM)
+   -  Look and feel easily customized with HTML templates that use the
+      Django syntax
+   -  VNC/Spice console directly in the browser using websockets on the
+      same HTTP port
+   -  Host and Domain statistics graphs (CPU, Memory, IO, Network)
+   -  Connect to multiple libvirtd instances (over local Unix domain
+      socket, SSH, TCP and TLS)
+   -  Manage Storage Pools, Storage Volumes, Networks, Interfaces, and
+      Secrets
+   -  Create and launch VMs
+   -  Configure VMs with easy panels or go pro and edit the VM's XML
+
+Other
+-----
+
+`Cuckoo Sandbox <https://cuckoosandbox.org/>`__
+   Cuckoo Sandbox is a malware analysis system. You can throw any
+   suspicious file at it and in a matter of seconds Cuckoo will provide
+   you back some detailed results outlining what such file did when
+   executed inside an isolated environment. And libvirt is one of the
+   backends that can be used for the isolated environment.
+
+.. |libvirt powered 96| image:: logos/logo-square-powered-96.png
+.. |libvirt powered 128| image:: logos/logo-square-powered-128.png
+.. |libvirt powered 192| image:: logos/logo-square-powered-192.png
+.. |libvirt powered 256| image:: logos/logo-square-powered-256.png
--- a/docs/architecture.gif
+++ b/docs/architecture.gif
--- a/docs/architecture.html.in
+++ b/docs/architecture.html.in
@@ -1,82 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1 >libvirt architecture</h1>
-
-    <p>
-      Currently libvirt supports 2 kind of virtualization, and its
-      internal structure is based on a driver model which simplifies
-      adding new
-      engines:
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="Xen">Xen support</a></h2>
-
-    <p>When running in a Xen environment, programs using libvirt have to execute
-in "Domain 0", which is the primary Linux OS loaded on the machine. That OS
-kernel provides most if not all of the actual drivers used by the set of
-domains. It also runs the Xen Store, a database of information shared by the
-hypervisor, the backend drivers, any running domains, and libxl (aka libxenlight).
-libxl provides a set of APIs for creating and managing domains, which can be used
-by applications such as the xl tool provided by Xen or libvirt. The hypervisor,
-drivers, kernels and daemons communicate though a shared system bus
-implemented in the hypervisor. The figure below tries to provide a view of
-this environment:</p>
-    <img src="architecture.gif" alt="The Xen architecture" />
-    <p>The library will interact with libxl for all management operations
-on a Xen system.</p>
-    <p>Note that the libvirt libxl driver only supports root access.</p>
-
-    <h2><a id="QEMU">QEMU and KVM support</a></h2>
-
-    <p>The model for QEMU and KVM is completely similar, basically KVM is based
-on QEMU for the process controlling a new domain, only small details differs
-between the two. In both case the libvirt API is provided by a controlling
-process forked by libvirt in the background and which launch and control the
-QEMU or KVM process. That program called libvirt_qemud talks though a specific
-protocol to the library, and connects to the console of the QEMU process in
-order to control and report on its status. Libvirt tries to expose all the
-emulations models of QEMU, the selection is done when creating the new
-domain, by specifying the architecture and machine type targeted.</p>
-    <p>The code controlling the QEMU process is available in the
-<code>qemud/</code> directory.</p>
-
-    <h2><a id="drivers">Driver based architecture</a></h2>
-
-    <p>As the previous section explains, libvirt can communicate using different
-channels with the current hypervisor, and should also be able to use
-different kind of hypervisor. To simplify the internal design, code, ease
-maintenance and simplify the support of other virtualization engine the
-internals have been structured as one core component, the libvirt.c module
-acting as a front-end for the library API and a set of hypervisor drivers
-defining a common set of routines. That way the Xen Daemon access, the Xen
-Store one, the Hypervisor hypercall are all isolated in separate C modules
-implementing at least a subset of the common operations defined by the
-drivers present in driver.h:</p>
-    <ul>
-      <li>xend_internal: implements the driver functions though the Xen
-  Daemon</li>
-      <li>xs_internal: implements the subset of the driver available though the
-    Xen Store</li>
-      <li>xen_internal: provide the implementation of the functions possible via
-    direct hypervisor access</li>
-      <li>proxy_internal: provide read-only Xen access via a proxy, the proxy code
-    is in the <code>proxy/</code> directory.</li>
-      <li>xm_internal: provide support for Xen defined but not running
-    domains.</li>
-      <li>qemu_internal: implement the driver functions for QEMU and
-    KVM virtualization engines. It also uses a qemud/ specific daemon
-    which interacts with the QEMU process to implement libvirt API.</li>
-      <li>test: this is a test driver useful for regression tests of the
-    front-end part of libvirt.</li>
-    </ul>
-    <p>Note that a given driver may only implement a subset of those functions,
-(for example saving a Xen domain state to disk and restoring it is only
-possible though the Xen Daemon), in that case the driver entry points for
-unsupported functions are initialized to NULL.</p>
-    <p></p>
-  </body>
-</html>
--- a/docs/architecture.svg
+++ b/docs/architecture.svg
@@ -1,239 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Creator: fig2dev Version 3.2.7b-dev -->
-<!-- CreationDate: 2020-07-10 10:23:50 -->
-<!-- Magnification: 1 -->
-<svg	xmlns="http://www.w3.org/2000/svg"
-	xmlns:xlink="http://www.w3.org/1999/xlink"
-	width="519pt" height="362pt"
-	viewBox="888 3963 8649 6024">
-<g fill="none">
-<!-- Line -->
-<rect x="1050" y="7500" width="8325" height="1200"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<rect x="1050" y="4125" width="2475" height="3150" rx="105"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<polyline points=" 1050,6540 3540,6525"
-	stroke="#000000" stroke-width="15px" stroke-dasharray="60 60"/>
-<!-- Line -->
-<rect x="1140" y="6645" width="450" height="255" rx="105"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<rect x="1140" y="6930" width="450" height="255" rx="105"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp0">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 8353,7665 8353,7785 8651,7751 8651,7700z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 1875,7725 8625,7725" clip-path="url(#cp0)"
-	stroke="#000000" stroke-width="45px"/>
-<!-- Forward arrow to point 8625,7725 -->
-<polygon points=" 8353,7785 8593,7725 8353,7665 8353,7785"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Backward arrow to point 1875,7725 -->
-<polygon points=" 2147,7665 1907,7725 2147,7785 2147,7665"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<rect x="1650" y="5625" width="1350" height="750"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp1">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 2790,6647 2910,6647 2876,6350 2825,6350z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 2850,7725 2850,6375" clip-path="url(#cp1)"
-	stroke="#000000" stroke-width="45px"/>
-<!-- Forward arrow to point 2850,6375 -->
-<polygon points=" 2910,6647 2850,6407 2790,6647 2910,6647"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<rect x="3975" y="4125" width="2475" height="3150" rx="105"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<rect x="6825" y="4125" width="2475" height="3150" rx="105"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<polyline points=" 3975,6540 6465,6525"
-	stroke="#000000" stroke-width="15px" stroke-dasharray="60 60"/>
-<!-- Line -->
-<polyline points=" 6825,6540 9315,6525"
-	stroke="#000000" stroke-width="15px" stroke-dasharray="60 60"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp2">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 5340,7322 5460,7322 5426,7025 5375,7025z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 5400,7725 5400,7050" clip-path="url(#cp2)"
-	stroke="#000000" stroke-width="45px"/>
-<!-- Forward arrow to point 5400,7050 -->
-<polygon points=" 5460,7322 5400,7082 5340,7322 5460,7322"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp3">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 7965,7322 8085,7322 8051,7025 8000,7025z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 8025,7725 8025,7050" clip-path="url(#cp3)"
-	stroke="#000000" stroke-width="45px"/>
-<!-- Forward arrow to point 8025,7050 -->
-<polygon points=" 8085,7322 8025,7082 7965,7322 8085,7322"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<rect x="1050" y="8925" width="8325" height="975"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<rect x="2100" y="4575" width="1350" height="750"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp4">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 3285,8053 3165,8053 3207,8343 3243,8343z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 3225,5325 3225,8325" clip-path="url(#cp4)"
-	stroke="#000000" stroke-width="30px" stroke-dasharray="20 20"/>
-<!-- Forward arrow to point 3225,8325 -->
-<polygon points=" 3165,8053 3225,8293 3285,8053 3165,8053"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp5">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 6285,7978 6165,7978 6207,8268 6243,8268z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 6225,6900 6225,8250" clip-path="url(#cp5)"
-	stroke="#000000" stroke-width="30px" stroke-dasharray="20 20"/>
-<!-- Forward arrow to point 6225,8250 -->
-<polygon points=" 6165,7978 6225,8218 6285,7978 6165,7978"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp6">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 8985,7978 8865,7978 8907,8268 8943,8268z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 8925,6900 8925,8250" clip-path="url(#cp6)"
-	stroke="#000000" stroke-width="30px" stroke-dasharray="20 20"/>
-<!-- Forward arrow to point 8925,8250 -->
-<polygon points=" 8865,7978 8925,8218 8985,7978 8865,7978"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp7">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 1785,8053 1665,8053 1707,8343 1743,8343z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 1725,7125 1725,8325" clip-path="url(#cp7)"
-	stroke="#000000" stroke-width="30px" stroke-dasharray="20 20"/>
-<!-- Forward arrow to point 1725,8325 -->
-<polygon points=" 1665,8053 1725,8293 1785,8053 1665,8053"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp8">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 2790,5297 2910,5297 2876,5000 2825,5000z
-		M 2910,5578 2790,5578 2825,5876 2876,5876z"/>
-</clipPath>
-</defs>
-<polyline points=" 2850,5850 2850,5025" clip-path="url(#cp8)"
-	stroke="#000000" stroke-width="45px"/>
-<!-- Forward arrow to point 2850,5025 -->
-<polygon points=" 2910,5297 2850,5057 2790,5297 2910,5297"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Backward arrow to point 2850,5850 -->
-<polygon points=" 2790,5578 2850,5818 2910,5578 2790,5578"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp9">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 5235,9103 5115,9103 5157,9393 5193,9393z
-		M 2910,5578 2790,5578 2825,5876 2876,5876z"/>
-</clipPath>
-</defs>
-<polyline points=" 5175,8475 5175,9375" clip-path="url(#cp9)"
-	stroke="#000000" stroke-width="30px" stroke-dasharray="20 20"/>
-<!-- Forward arrow to point 5175,9375 -->
-<polygon points=" 5115,9103 5175,9343 5235,9103 5115,9103"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp10">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 1410,9178 1290,9178 1332,9468 1368,9468z
-		M 2910,5578 2790,5578 2825,5876 2876,5876z"/>
-</clipPath>
-</defs>
-<polyline points=" 1350,7125 1350,9450" clip-path="url(#cp10)"
-	stroke="#000000" stroke-width="30px" stroke-dasharray="20 20"/>
-<!-- Forward arrow to point 1350,9450 -->
-<polygon points=" 1290,9178 1350,9418 1410,9178 1290,9178"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp11">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 2265,7472 2385,7472 2351,7175 2300,7175z
-		M 2910,5578 2790,5578 2825,5876 2876,5876z"/>
-</clipPath>
-</defs>
-<polyline points=" 2325,7725 2325,7200" clip-path="url(#cp11)"
-	stroke="#000000" stroke-width="45px"/>
-<!-- Forward arrow to point 2325,7200 -->
-<polygon points=" 2385,7472 2325,7232 2265,7472 2385,7472"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<polyline points=" 900,3975"
-	stroke="#000000" stroke-width="8px" stroke-dasharray="40 40"/>
-<!-- Line -->
-<polyline points=" 9525,9975"
-	stroke="#000000" stroke-width="8px" stroke-dasharray="40 40"/>
-<!-- Text -->
-<text xml:space="preserve" x="4350" y="7980" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">XenBus</text>
-<!-- Text -->
-<text xml:space="preserve" x="1680" y="6870" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">drivers</text>
-<!-- Text -->
-<text xml:space="preserve" x="1800" y="6075" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">XenStore</text>
-<!-- Text -->
-<text xml:space="preserve" x="1875" y="7125" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">Kernel0</text>
-<!-- Text -->
-<text xml:space="preserve" x="4875" y="6975" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">KernelU</text>
-<!-- Text -->
-<text xml:space="preserve" x="7650" y="6975" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">KernelU</text>
-<!-- Text -->
-<text xml:space="preserve" x="4050" y="8400" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">Xen Hypervisor</text>
-<!-- Text -->
-<text xml:space="preserve" x="2325" y="4950" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">Xend</text>
-<!-- Text -->
-<text xml:space="preserve" x="1200" y="4725" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">Dom0</text>
-<!-- Text -->
-<text xml:space="preserve" x="4875" y="5325" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">DomU</text>
-<!-- Text -->
-<text xml:space="preserve" x="7650" y="5325" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">DomU</text>
-<!-- Text -->
-<text xml:space="preserve" x="3750" y="9450" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">Hardware</text>
-</g>
-</svg>
--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@@ -1,375 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Audit log</h1>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="intro">Introduction</a></h2>
-
-    <p>
-      A number of the libvirt virtualization drivers (QEMU/KVM and LXC) include
-      support for logging details of important operations to the host's audit
-      subsystem. This provides administrators / auditors with a canonical historical
-      record of changes to virtual machines' / containers' lifecycle states and
-      their configuration. On hosts which are running the Linux audit daemon,
-      the logs will usually end up in <code>/var/log/audit/audit.log</code>
-    </p>
-
-    <h2><a id="config">Configuration</a></h2>
-
-    <p>
-      The libvirt audit integration is enabled by default on any host which has
-      the Linux audit subsystem active, and disabled otherwise. It is possible
-      to alter this behaviour in the <code>/etc/libvirt/libvirtd.conf</code>
-      configuration file, via the <code>audit_level</code> parameter
-    </p>
-
-    <ul>
-      <li><code>audit_level=0</code> - libvirt auditing is disabled regardless
-        of host audit subsystem enablement.</li>
-      <li><code>audit_level=1</code> - libvirt auditing is enabled if the host
-        audit subsystem is enabled, otherwise it is disabled. This is the
-        default behaviour.</li>
-      <li><code>audit_level=2</code> - libvirt auditing is enabled regardless
-        of host audit subsystem enablement. If the host audit subsystem is
-        disabled, then libvirtd will refuse to complete startup and exit with
-        an error.</li>
-    </ul>
-
-    <p>
-      In addition to have formal messages sent to the audit subsystem it is
-      possible to tell libvirt to inject messages into its own logging
-      layer. This will result in messages ending up in the systemd journal
-      or <code>/var/log/libvirt/libvirtd.log</code> on non-systemd hosts.
-      This is disabled by default, but can be requested by setting the
-      <code>audit_logging=1</code> configuration parameter in the same file
-      mentioned above.
-    </p>
-
-    <h2><a id="types">Message types</a></h2>
-
-    <p>
-      Libvirt defines three core audit message types each of which will
-      be described below. There are a number of common fields that will
-      be reported for all message types.
-    </p>
-
-    <dl>
-      <dt><code>pid</code></dt>
-      <dd>Process ID of the libvirtd daemon generating the audit record.</dd>
-      <dt><code>uid</code></dt>
-      <dd>User ID of the libvirtd daemon process generating the audit record.</dd>
-      <dt><code>subj</code></dt>
-      <dd>Security context of the libvirtd daemon process generating the audit record.</dd>
-      <dt><code>msg</code></dt>
-      <dd>String containing a list of key=value pairs specific to the type of audit record being reported.</dd>
-    </dl>
-
-    <p>
-      Some fields in the <code>msg</code> string are common to audit records
-    </p>
-
-    <dl>
-      <dt><code>virt</code></dt>
-      <dd>Type of virtualization driver used. One of <code>qemu</code> or <code>lxc</code></dd>
-      <dt><code>vm</code></dt>
-      <dd>Host driver unique name of the guest</dd>
-      <dt><code>uuid</code></dt>
-      <dd>Globally unique identifier for the guest</dd>
-      <dt><code>exe</code></dt>
-      <dd>Path of the libvirtd daemon</dd>
-      <dt><code>hostname</code></dt>
-      <dd>Currently unused</dd>
-      <dt><code>addr</code></dt>
-      <dd>Currently unused</dd>
-      <dt><code>terminal</code></dt>
-      <dd>Currently unused</dd>
-      <dt><code>res</code></dt>
-      <dd>Result of the action, either <code>success</code> or <code>failed</code></dd>
-    </dl>
-
-    <h3><a id="typecontrol">VIRT_CONTROL</a></h3>
-
-    <p>
-      Reports change in the lifecycle state of a virtual machine. The <code>msg</code>
-      field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>op</code></dt>
-      <dd>Type of operation performed. One of <code>start</code>, <code>stop</code> or <code>init</code></dd>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the operation to happen</dd>
-      <dt><code>vm-pid</code></dt>
-      <dd>ID of the primary/leading process associated with the guest</dd>
-      <dt><code>init-pid</code></dt>
-      <dd>ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-      <dt><code>pid-ns</code></dt>
-      <dd>Namespace ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-    </dl>
-
-    <h3><a id="typemachine">VIRT_MACHINE_ID</a></h3>
-
-    <p>
-      Reports the association of a security context with a guest. The <code>msg</code>
-      field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>model</code></dt>
-      <dd>The security driver type. One of <code>selinux</code> or <code>apparmor</code></dd>
-      <dt><code>vm-ctx</code></dt>
-      <dd>Security context for the guest process</dd>
-      <dt><code>img-ctx</code></dt>
-      <dd>Security context for the guest disk images and other assigned host resources</dd>
-    </dl>
-
-    <h3><a id="typeresource">VIRT_RESOURCE</a></h3>
-
-    <p>
-      Reports the usage of a host resource by a guest. The fields include will
-      vary according to the type of device being reported. When the guest is
-      initially booted records will be generated for all assigned resources.
-      If any changes are made to the running guest configuration, for example
-      hotplug devices, or adjust resources allocation, further records will
-      be generated.
-    </p>
-
-    <h4><a id="typeresourcevcpu">Virtual CPU</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>vcpu</code></dd>
-      <dt><code>old-vcpu</code></dt>
-      <dd>Original vCPU count, or 0</dd>
-      <dt><code>new-vcpu</code></dt>
-      <dd>Updated vCPU count</dd>
-    </dl>
-
-
-    <h4><a id="typeresourcemem">Memory</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>mem</code></dd>
-      <dt><code>old-mem</code></dt>
-      <dd>Original memory size in bytes, or 0</dd>
-      <dt><code>new-mem</code></dt>
-      <dd>Updated memory size in bytes</dd>
-    </dl>
-
-    <h4><a id="typeresourcedisk">Disk</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>disk</code></dd>
-      <dt><code>old-disk</code></dt>
-      <dd>Original host file or device path acting as the disk backing file</dd>
-      <dt><code>new-disk</code></dt>
-      <dd>Updated host file or device path acting as the disk backing file</dd>
-    </dl>
-
-    <h4><a id="typeresourcenic">Network interface</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt><code>old-net</code></dt>
-      <dd>Original MAC address of the guest network interface</dd>
-      <dt><code>new-net</code></dt>
-      <dd>Updated MAC address of the guest network interface</dd>
-    </dl>
-
-    <p>
-      If there is a host network interface associated with the guest NIC then
-      further records may be generated
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt><code>net</code></dt>
-      <dd>MAC address of the host network interface</dd>
-      <dt><code>rdev</code></dt>
-      <dd>Name of the host network interface</dd>
-    </dl>
-
-    <h4><a id="typeresourcefs">Filesystem</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>fs</code></dd>
-      <dt><code>old-fs</code></dt>
-      <dd>Original host directory, file or device path backing the filesystem </dd>
-      <dt><code>new-fs</code></dt>
-      <dd>Updated host directory, file or device path backing the filesystem</dd>
-    </dl>
-
-    <h4><a id="typeresourcehost">Host device</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>hostdev</code> or <code>dev</code></dd>
-      <dt><code>dev</code></dt>
-      <dd>The unique bus identifier of the USB, PCI or SCSI device, if <code>resrc=dev</code></dd>
-      <dt><code>disk</code></dt>
-      <dd>The path of the block device assigned to the guest, if <code>resrc=hostdev</code></dd>
-      <dt><code>chardev</code></dt>
-      <dd>The path of the character device assigned to the guest, if <code>resrc=hostdev</code></dd>
-    </dl>
-
-    <h4><a id="typeresourcetpm">TPM</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>tpm</code> or <code>tpm-emulator</code></dd>
-      <dt><code>device</code></dt>
-      <dd>The path of the host TPM device assigned to the guest</dd>
-    </dl>
-
-    <h4><a id="typeresourcerng">RNG</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>rng</code></dd>
-      <dt><code>old-rng</code></dt>
-      <dd>Original path of the host entropy source for the RNG</dd>
-      <dt><code>new-rng</code></dt>
-      <dd>Updated path of the host entropy source for the RNG</dd>
-    </dl>
-
-    <h4><a id="typeresourcechardev">console/serial/parallel/channel</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>chardev</code></dd>
-      <dt><code>old-chardev</code></dt>
-      <dd>Original path of the backing character device for given emulated device</dd>
-      <dt><code>new-chardev</code></dt>
-      <dd>Updated path of the backing character device for given emulated device</dd>
-    </dl>
-
-    <h4><a id="typeresourcesmartcard">smartcard</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>smartcard</code></dd>
-      <dt><code>old-smartcard</code></dt>
-      <dd>Original path of the backing character device, certificate store or
-          "nss-smartcard-device" for host smartcard passthrough.
-      </dd>
-      <dt><code>new-smartcard</code></dt>
-      <dd>Updated path of the backing character device, certificate store or
-          "nss-smartcard-device" for host smartcard passthrough.
-      </dd>
-    </dl>
-
-    <h4><a id="typeresourceredir">Redirected device</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>redir</code></dd>
-      <dt><code>bus</code></dt>
-      <dd>The bus type, only <code>usb</code> allowed</dd>
-      <dt><code>device</code></dt>
-      <dd>The device type, only <code>USB redir</code> allowed</dd>
-    </dl>
-
-    <h4><a id="typeresourcecgroup">Control group</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>cgroup</code></dd>
-      <dt><code>cgroup</code></dt>
-      <dd>The name of the cgroup controller</dd>
-    </dl>
-
-
-    <h4><a id="typeresourceshmem">Shared memory</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>shmem</code></dd>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>size</code></dt>
-      <dd>The size of the shared memory region</dd>
-      <dt><code>shmem</code></dt>
-      <dd>Name of the shared memory region</dd>
-      <dt><code>source</code></dt>
-      <dd>Path of the backing character device for given emulated device</dd>
-    </dl>
-
-  </body>
-</html>
--- a/docs/auditlog.rst
+++ b/docs/auditlog.rst
@@ -0,0 +1,321 @@
+=========
+Audit log
+=========
+
+.. contents::
+
+Introduction
+------------
+
+A number of the libvirt virtualization drivers (QEMU/KVM and LXC)
+include support for logging details of important operations to the
+host's audit subsystem. This provides administrators / auditors with a
+canonical historical record of changes to virtual machines' /
+containers' lifecycle states and their configuration. On hosts which are
+running the Linux audit daemon, the logs will usually end up in
+``/var/log/audit/audit.log``
+
+Configuration
+-------------
+
+The libvirt audit integration is enabled by default on any host which
+has the Linux audit subsystem active, and disabled otherwise. It is
+possible to alter this behaviour in the ``/etc/libvirt/libvirtd.conf``
+configuration file, via the ``audit_level`` parameter
+
+-  ``audit_level=0`` - libvirt auditing is disabled regardless of host
+   audit subsystem enablement.
+-  ``audit_level=1`` - libvirt auditing is enabled if the host audit
+   subsystem is enabled, otherwise it is disabled. This is the default
+   behaviour.
+-  ``audit_level=2`` - libvirt auditing is enabled regardless of host
+   audit subsystem enablement. If the host audit subsystem is disabled,
+   then libvirtd will refuse to complete startup and exit with an error.
+
+In addition to have formal messages sent to the audit subsystem it is
+possible to tell libvirt to inject messages into its own logging layer.
+This will result in messages ending up in the systemd journal or
+``/var/log/libvirt/libvirtd.log`` on non-systemd hosts. This is disabled
+by default, but can be requested by setting the ``audit_logging=1``
+configuration parameter in the same file mentioned above.
+
+Message types
+-------------
+
+Libvirt defines three core audit message types each of which will be
+described below. There are a number of common fields that will be
+reported for all message types.
+
+``pid``
+   Process ID of the libvirtd daemon generating the audit record.
+``uid``
+   User ID of the libvirtd daemon process generating the audit record.
+``subj``
+   Security context of the libvirtd daemon process generating the audit
+   record.
+``msg``
+   String containing a list of key=value pairs specific to the type of
+   audit record being reported.
+
+Some fields in the ``msg`` string are common to audit records
+
+``virt``
+   Type of virtualization driver used. One of ``qemu`` or ``lxc``
+``vm``
+   Host driver unique name of the guest
+``uuid``
+   Globally unique identifier for the guest
+``exe``
+   Path of the libvirtd daemon
+``hostname``
+   Currently unused
+``addr``
+   Currently unused
+``terminal``
+   Currently unused
+``res``
+   Result of the action, either ``success`` or ``failed``
+
+VIRT_CONTROL
+~~~~~~~~~~~~
+
+Reports change in the lifecycle state of a virtual machine. The ``msg``
+field will include the following sub-fields
+
+``op``
+   Type of operation performed. One of ``start``, ``stop`` or ``init``
+``reason``
+   The reason which caused the operation to happen
+``vm-pid``
+   ID of the primary/leading process associated with the guest
+``init-pid``
+   ID of the ``init`` process in a container. Only if ``op=init`` and
+   ``virt=lxc``
+``pid-ns``
+   Namespace ID of the ``init`` process in a container. Only if
+   ``op=init`` and ``virt=lxc``
+
+VIRT_MACHINE_ID
+~~~~~~~~~~~~~~~
+
+Reports the association of a security context with a guest. The ``msg``
+field will include the following sub-fields
+
+``model``
+   The security driver type. One of ``selinux`` or ``apparmor``
+``vm-ctx``
+   Security context for the guest process
+``img-ctx``
+   Security context for the guest disk images and other assigned host
+   resources
+
+VIRT_RESOURCE
+~~~~~~~~~~~~~
+
+Reports the usage of a host resource by a guest. The fields include will
+vary according to the type of device being reported. When the guest is
+initially booted records will be generated for all assigned resources.
+If any changes are made to the running guest configuration, for example
+hotplug devices, or adjust resources allocation, further records will be
+generated.
+
+Virtual CPU
+^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``vcpu``
+``old-vcpu``
+   Original vCPU count, or 0
+``new-vcpu``
+   Updated vCPU count
+
+Memory
+^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``mem``
+``old-mem``
+   Original memory size in bytes, or 0
+``new-mem``
+   Updated memory size in bytes
+
+Disk
+^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``disk``
+``old-disk``
+   Original host file or device path acting as the disk backing file
+``new-disk``
+   Updated host file or device path acting as the disk backing file
+
+Network interface
+^^^^^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``net``
+``old-net``
+   Original MAC address of the guest network interface
+``new-net``
+   Updated MAC address of the guest network interface
+
+If there is a host network interface associated with the guest NIC then
+further records may be generated
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``net``
+``net``
+   MAC address of the host network interface
+``rdev``
+   Name of the host network interface
+
+Filesystem
+^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``fs``
+``old-fs``
+   Original host directory, file or device path backing the filesystem
+``new-fs``
+   Updated host directory, file or device path backing the filesystem
+
+Host device
+^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``hostdev`` or ``dev``
+``dev``
+   The unique bus identifier of the USB, PCI or SCSI device, if
+   ``resrc=dev``
+``disk``
+   The path of the block device assigned to the guest, if
+   ``resrc=hostdev``
+``chardev``
+   The path of the character device assigned to the guest, if
+   ``resrc=hostdev``
+
+TPM
+^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``tpm`` or ``tpm-emulator``
+``device``
+   The path of the host TPM device assigned to the guest
+
+RNG
+^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``rng``
+``old-rng``
+   Original path of the host entropy source for the RNG
+``new-rng``
+   Updated path of the host entropy source for the RNG
+
+console/serial/parallel/channel
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``chardev``
+``old-chardev``
+   Original path of the backing character device for given emulated
+   device
+``new-chardev``
+   Updated path of the backing character device for given emulated
+   device
+
+smartcard
+^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``smartcard``
+``old-smartcard``
+   Original path of the backing character device, certificate store or
+   "nss-smartcard-device" for host smartcard passthrough.
+``new-smartcard``
+   Updated path of the backing character device, certificate store or
+   "nss-smartcard-device" for host smartcard passthrough.
+
+Redirected device
+^^^^^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``redir``
+``bus``
+   The bus type, only ``usb`` allowed
+``device``
+   The device type, only ``USB redir`` allowed
+
+Control group
+^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``cgroup``
+``cgroup``
+   The name of the cgroup controller
+
+Shared memory
+^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``resrc``
+   The type of resource assigned. Set to ``shmem``
+``reason``
+   The reason which caused the resource to be assigned to happen
+``size``
+   The size of the shared memory region
+``shmem``
+   Name of the shared memory region
+``source``
+   Path of the backing character device for given emulated device
--- a/docs/auth.html.in
+++ b/docs/auth.html.in
@@ -1,368 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Connection authentication</h1>
-    <p>
-      When connecting to libvirt, some connections may require client
-      authentication before allowing use of the APIs. The set of possible
-      authentication mechanisms is administrator controlled, independent
-      of applications using libvirt. Once authenticated, libvirt can apply
-      fine grained <a href="acl.html">access control</a> to the operations
-      performed by a client.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="Auth_client_config">Client configuration</a></h2>
-
-    <p>
-      When connecting to a remote hypervisor which requires authentication,
-most libvirt applications will prompt the user for the credentials. It is
-also possible to provide a client configuration file containing all the
-authentication credentials, avoiding any interaction. Libvirt will look
-for the authentication file using the following sequence:
-    </p>
-    <ol>
-      <li>The file path specified by the $LIBVIRT_AUTH_FILE environment
-        variable.</li>
-      <li>The file path specified by the "authfile=/some/file" URI
-        query parameter</li>
-      <li>The file $XDG_CONFIG_HOME/libvirt/auth.conf</li>
-      <li>The file /etc/libvirt/auth.conf</li>
-    </ol>
-
-    <p>
-      The auth configuration file uses the traditional <code>".ini"</code>
-      style syntax. There are two types of groups that can be present in
-      the config. First there are one or more <strong>credential</strong>
-      sets, which provide the actual authentication credentials. The keys
-      within the group may be:
-    </p>
-
-    <ul>
-      <li><code>username</code>: the user login name to act as. This
-        is relevant for ESX, Xen, HyperV and SSH, but probably not
-        the one you want to libvirtd with SASL.</li>
-      <li><code>authname</code>: the name to authorize as. This is
-        what is commonly required for libvirtd with SASL.</li>
-      <li><code>password</code>: the secret password</li>
-      <li><code>realm</code>: the domain realm for SASL, mostly
-        unused</li>
-    </ul>
-
-    <p>
-      Each set of credentials has a name, which is part of the group
-      entry name. Overall the syntax is
-    </p>
-
-    <pre>
-[credentials-$NAME]
-credname1=value1
-credname2=value2</pre>
-
-    <p>
-      For example, to define two sets of credentials used for production
-      and test machines, using libvirtd, and a further ESX server for dev:
-    </p>
-<pre>
-[credentials-test]
-authname=fred
-password=123456
-
-[credentials-prod]
-authname=bar
-password=letmein
-
-[credentials-dev]
-username=joe
-password=hello
-
-[credentials-defgrp]
-username=defuser
-password=defpw</pre>
-
-    <p>
-      The second set of groups provide mappings of credentials to
-      specific machine services. The config file group names compromise
-      the service type and host:
-    </p>
-
-    <pre>
-[auth-$SERVICE-$HOSTNAME]
-credentials=$CREDENTIALS</pre>
-
-    <p>
-      For example, following the previous example, here is how to
-      map some machines. For convenience libvirt supports a default
-      mapping of credentials to machines:
-    </p>
-
-    <pre>
-[auth-libvirt-test1.example.com]
-credentials=test
-
-[auth-libvirt-test2.example.com]
-credentials=test
-
-[auth-libvirt-demo3.example.com]
-credentials=test
-
-[auth-libvirt-prod1.example.com]
-credentials=prod
-
-[auth-libvirt-default]
-credentials=defgrp
-
-[auth-esx-dev1.example.com]
-credentials=dev
-
-[auth-esx-default]
-credentials=defgrp</pre>
-
-
-    <p>
-      The following service types are known to libvirt:
-    </p>
-
-    <ul>
-      <li><code>esx</code> - used for connections to an ESX or
-        VirtualCenter server</li>
-      <li><code>hyperv</code> - used for connections to an HyperV
-        server</li>
-      <li><code>libvirt</code> - used for connections to a libvirtd
-        server, which is configured with SASL auth</li>
-      <li><code>ssh</code> - used for connections to a remote QEMU driver
-        over SSH</li>
-    </ul>
-
-    <p>
-      Applications using libvirt are free to use this same configuration
-      file for storing other credentials. For example, it can be used
-      to storage VNC or SPICE login credentials
-    </p>
-
-    <h2><a id="ACL_server_config">Server configuration</a></h2>
-    <p>
-The libvirt daemon allows the administrator to choose the authentication
-mechanisms used for client connections on each network socket independently.
-This is primarily controlled via the libvirt daemon master config file in
-<code>/etc/libvirt/libvirtd.conf</code>. Each of the libvirt sockets can
-have its authentication mechanism configured independently. There is
-currently a choice of <code>none</code>, <code>polkit</code>, and <code>sasl</code>.
-The SASL scheme can be further configured to choose between a large
-number of different mechanisms.
-</p>
-    <h2><a id="ACL_server_unix_perms">UNIX socket permissions/group</a></h2>
-    <p>
-If libvirt does not contain support for PolicyKit, then access control for
-the UNIX domain socket is done using traditional file user/group ownership
-and permissions. There are 2 sockets, one for full read-write access, the
-other for read-only access. The RW socket will be restricted (mode 0700) to
-only allow the <code>root</code> user to connect. The read-only socket will
-be open access (mode 0777) to allow any user to connect.
-</p>
-    <p>
-To allow non-root users greater access, the <code>libvirtd.conf</code> file
-can be edited to change the permissions via the <code>unix_sock_rw_perms</code>,
-config parameter and to set a user group via the <code>unix_sock_group</code>
-parameter. For example, setting the former to mode <code>0770</code> and the
-latter <code>wheel</code> would let any user in the wheel group connect to
-the libvirt daemon.
-</p>
-    <h2><a id="ACL_server_polkit">UNIX socket PolicyKit auth</a></h2>
-    <p>
-If libvirt contains support for PolicyKit, then access control options are
-more advanced. The <code>auth_unix_rw</code> parameter will default to
-<code>polkit</code>, and the file permissions will default to <code>0777</code>
-even on the RW socket. Upon connecting to the socket, the client application
-will be required to identify itself with PolicyKit. The default policy for the
-RW daemon socket will require any application running in the current desktop
-session to authenticate using the user's password. This is akin to <code>sudo</code>
-auth, but does not require that the client application ultimately run as root.
-Default policy will still allow any application to connect to the RO socket.
-</p>
-    <p>
-The default policy can be overridden by creating a new policy file in the
-<code>/etc/polkit-1/rules.d</code> directory. Information on the options
-available can be found by reading the <code>polkit(8)</code> man page. The
-two libvirt actions are named <code>org.libvirt.unix.manage</code> for full
-management access, and <code>org.libvirt.unix.monitor</code> for read-only
-access.
-</p>
-    <p>
-As an example, creating <code>/etc/polkit-1/rules.d/80-libvirt-manage.rules</code>
-with the following gives the user <code>fred</code> full management access
-when accessing from an active local session:
-    </p>
-<pre>polkit.addRule(function(action, subject) {
-  if (action.id == "org.libvirt.unix.manage" &amp;&amp;
-      subject.local &amp;&amp; subject.active &amp;&amp; subject.user == "fred") {
-      return polkit.Result.YES;
-  }
-});</pre>
-    <p>
-Older versions of PolicyKit used policy files ending with .pkla in the
-local override directory <code>/etc/polkit-1/localauthority/50-local.d/</code>.
-Compatibility with this older format is provided by <a
-href="https://pagure.io/polkit-pkla-compat">polkit-pkla-compat</a>. As an
-example, this gives the user <code>fred</code> full management access:
-    </p>
-<pre>[Allow fred libvirt management permissions]
-Identity=unix-user:fred
-Action=org.libvirt.unix.manage
-ResultAny=yes
-ResultInactive=yes
-ResultActive=yes</pre>
-    <h2><a id="ACL_server_sasl">SASL pluggable authentication</a></h2>
-
-    <p>
-Libvirt integrates with the cyrus-sasl library to provide a pluggable authentication
-system using the SASL protocol. SASL can be used in combination with libvirtd's TLS
-or TCP socket listeners. When used with the TCP listener, the SASL mechanism is
-rqeuired to provide session encryption in addition to authentication. Only a very
-few SASL mechanisms are able to do this, and of those that can do it, only the
-GSSAPI plugin is considered acceptably secure by modern standards:
-    </p>
-
-    <dl>
-      <dt>GSSAPI</dt>
-      <dd><strong>This is the current default mechanism to use with libvirtd</strong>.
-        It uses the Kerberos v5 authentication protocol underneath, and assuming
-        the Kerberos client/server are configured with modern ciphers (AES),
-        it provides strong session encryption capabilities.</dd>
-
-      <dt>DIGEST-MD5</dt>
-      <dd>This was previously set as the default mechanism to use with libvirtd.
-        It provides a simple username/password based authentication mechanism
-        that includes session encryption.
-        <a href="https://tools.ietf.org/html/rfc6331">RFC 6331</a>, however,
-        documents a number of serious security flaws with DIGEST-MD5 and as a
-        result marks it as <code>OBSOLETE</code>. Specific concerns are that
-        it is vulnerable to MITM attacks and the MD5 hash can be brute-forced
-        to reveal the password. A replacement is provided via the SCRAM mechanism,
-        however, note that this does not provide encryption, so the SCRAM
-        mechanism can only be used on the libvirtd TLS listener.
-      </dd>
-
-      <dt>PASSDSS-3DES-1</dt>
-      <dd>This provides a simple username/password based authentication
-        mechanism that includes session encryption. The current cyrus-sasl
-        implementation does not provide a way to validate the server's
-        public key identity, thus it is susceptible to a MITM attacker
-        impersonating the server. It is also not enabled in many OS
-        distros when building SASL libraries.</dd>
-
-      <dt>KERBEROS_V4</dt>
-      <dd>This uses the obsolete Kerberos v4 protocol to provide both authentication
-        and session encryption. Kerberos v4 protocol has been obsolete since the
-        early 1990's and has known security vulnerabilities so this will never be
-        used in practice.</dd>
-    </dl>
-
-    <p>
-      Other SASL mechanisms, not listed above, can only be used when the libvirtd
-      TLS or UNIX socket listeners.
-    </p>
-
-    <h3><a id="ACL_server_username">Username/password auth</a></h3>
-    <p>
-As noted above, the DIGEST-MD5 mechanism is considered obsolete and should
-not be used anymore. To provide a simple username/password auth scheme on
-the libvirt UNIX socket or TLS listeners, however, it is possible to use
-the SCRAM mechanism. The <code>auth_unix_ro</code>, <code>auth_unix_rw</code>,
-<code>auth_tls</code> config params in <code>libvirt.conf</code> can be used
-to turn on SASL auth in these listeners.
-    </p>
-    <p>
-Since the libvirt SASL config file defaults to using GSSAPI (Kerberos), a
-config change is required to enable plain password auth. This is done by
-editting <code>/etc/sasl2/libvirt.conf</code> to set the <code>mech_list</code>
-parameter to <code>scram-sha-1</code>.
-    </p>
-    <p>
-Out of the box, no user accounts are defined, so no clients will be able to authenticate
-on the TCP socket. Adding users and setting their passwords is done with the <code>saslpasswd2</code>
-command. When running this command it is important to tell it that the appname is <code>libvirt</code>.
-As an example, to add a user <code>fred</code>, run
-</p>
-    <pre>
-# saslpasswd2 -a libvirt fred
-Password: xxxxxx
-Again (for verification): xxxxxx
-</pre>
-    <p>
-To see a list of all accounts the <code>sasldblistusers2</code> command can be used.
-This command expects to be given the path to the libvirt user database, which is kept
-in <code>/etc/libvirt/passwd.db</code>
-</p>
-    <pre>
-# sasldblistusers2 -f /etc/libvirt/passwd.db
-fred@t60wlan.home.berrange.com: userPassword
-</pre>
-    <p>
-Finally, to disable a user's access, the <code>saslpasswd2</code> command can be used
-again:
-</p>
-    <pre>
-# saslpasswd2 -a libvirt -d fred
-</pre>
-    <h3><a id="ACL_server_kerberos">GSSAPI/Kerberos auth</a></h3>
-    <p>
-The plain TCP listener of the libvirt daemon defaults to using SASL for authentication.
-The libvirt SASL config also defaults to GSSAPI, so there is no need to edit the
-SASL config when using GSSAPI. If the libvirtd TLS or UNIX listeners are used,
-then the Kerberos session encryption will be disabled since it is not required
-in these scenarios - only the plain TCP listener needs encryption
-</p>
-    <p>
-Some operating systems do not install the SASL kerberos plugin by default. It
-may be necessary to install a sub-package such as <code>cyrus-sasl-gssapi</code>.
-To check whether the Kerberos plugin is installed run the <code>pluginviewer</code>
-program and verify that <code>gssapi</code> is listed, e.g.:
-</p>
-    <pre>
-# pluginviewer
-...snip...
-Plugin "gssapiv2" [loaded],     API version: 4
-        SASL mechanism: GSSAPI, best SSF: 56
-        security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
-        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
-</pre>
-    <p>
-Next it is necessary for the administrator of the Kerberos realm to
-issue a principal for the libvirt server. There needs to be one
-principal per host running the libvirt daemon. The principal should be
-named <code>libvirt/full.hostname@KERBEROS.REALM</code>.  This is
-typically done by running the <code>kadmin.local</code> command on the
-Kerberos server, though some Kerberos servers have alternate ways of
-setting up service principals.  Once created, the principal should be
-exported to a keytab, copied to the host running the libvirt daemon
-and placed in <code>/etc/libvirt/krb5.tab</code>
-</p>
-    <pre>
-# kadmin.local
-kadmin.local: add_principal libvirt/foo.example.com
-Enter password for principal "libvirt/foo.example.com@EXAMPLE.COM":
-Re-enter password for principal "libvirt/foo.example.com@EXAMPLE.COM":
-Principal "libvirt/foo.example.com@EXAMPLE.COM" created.
-
-kadmin.local:  ktadd -k /root/libvirt-foo-example.tab libvirt/foo.example.com@EXAMPLE.COM
-Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/root/libvirt-foo-example.tab.
-Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/root/libvirt-foo-example.tab.
-Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type DES with HMAC/sha1 added to keytab WRFILE:/root/libvirt-foo-example.tab.
-Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/root/libvirt-foo-example.tab.
-
-kadmin.local: quit
-
-# scp /root/libvirt-foo-example.tab root@foo.example.com:/etc/libvirt/krb5.tab
-# rm /root/libvirt-foo-example.tab
-</pre>
-    <p>
-Any client application wishing to connect to a Kerberos enabled libvirt server
-merely needs to run <code>kinit</code> to gain a user principal. This may well
-be done automatically when a user logs into a desktop session, if PAM is set up
-to authenticate against Kerberos.
-</p>
-  </body>
-</html>
--- a/docs/auth.rst
+++ b/docs/auth.rst
@@ -0,0 +1,324 @@
+=========================
+Connection authentication
+=========================
+
+.. contents::
+
+When connecting to libvirt, some connections may require client
+authentication before allowing use of the APIs. The set of possible
+authentication mechanisms is administrator controlled, independent
+of applications using libvirt. Once authenticated, libvirt can apply
+fine grained `access control <acl.html>`_ to the operations
+performed by a client.
+
+Client configuration
+====================
+
+When connecting to a remote hypervisor which requires authentication,
+most libvirt applications will prompt the user for the credentials. It is
+also possible to provide a client configuration file containing all the
+authentication credentials, avoiding any interaction. Libvirt will look
+for the authentication file using the following sequence:
+
+* The file path specified by the ``$LIBVIRT_AUTH_FILE`` environment
+  variable.
+* The file path specified by the ``authfile=/some/file`` URI
+  query parameter
+* The file ``$XDG_CONFIG_HOME/libvirt/auth.conf``
+* The file ``/etc/libvirt/auth.conf``
+
+The auth configuration file uses the traditional ``.ini``
+style syntax. There are two types of groups that can be present in
+the config. First there are one or more ``credential``
+sets, which provide the actual authentication credentials. The keys
+within the group may be:
+
+* ``username``: the user login name to act as. This
+  is relevant for ESX, Xen, HyperV and SSH, but probably not
+  the one you want for libvirtd with SASL.
+* ``authname``: the name to authorize as. This is
+  what is commonly required for libvirtd with SASL.
+* ``password``: the secret password.
+* ``realm``: the domain realm for SASL, mostly unused.
+
+Each set of credentials has a name, which is part of the group
+entry name. Overall the syntax is
+
+::
+
+   [credentials-$NAME]
+   credname1=value1
+   credname2=value2
+
+
+For example, to define two sets of credentials used for production
+and test machines, using libvirtd, and a further ESX server for
+development:
+
+::
+
+   [credentials-test]
+   authname=fred
+   password=123456
+
+   [credentials-prod]
+   authname=bar
+   password=letmein
+
+   [credentials-dev]
+   username=joe
+   password=hello
+
+   [credentials-defgrp]
+   username=defuser
+   password=defpw
+
+The second set of groups provide mappings of credentials to
+specific machine services. The config file group names compromise
+the service type and host:
+
+::
+
+   [auth-$SERVICE-$HOSTNAME]
+   credentials=$CREDENTIALS
+
+For example, following the previous example, here is how to
+map some machines. For convenience libvirt supports a default
+mapping of credentials to machines:
+
+::
+
+   [auth-libvirt-test1.example.com]
+   credentials=test
+
+   [auth-libvirt-test2.example.com]
+   credentials=test
+
+   [auth-libvirt-demo3.example.com]
+   credentials=test
+
+   [auth-libvirt-prod1.example.com]
+   credentials=prod
+
+   [auth-libvirt-default]
+   credentials=defgrp
+
+   [auth-esx-dev1.example.com]
+   credentials=dev
+
+   [auth-esx-default]
+   credentials=defgrp
+
+The following service types are known to libvirt:
+
+* ``esx`` - used for connections to an ESX or VirtualCenter server
+* ``hyperv`` - used for connections to an HyperV server
+* ``libvirt`` - used for connections to a libvirtd
+  server, which is configured with SASL auth
+* ``ssh`` - used for connections to a remote QEMU driver over SSH
+
+
+Applications using libvirt are free to use this same configuration
+file for storing other credentials. For example, it can be used
+to storage VNC or SPICE login credentials
+
+Server configuration
+====================
+
+The libvirt daemon allows the administrator to choose the authentication
+mechanisms used for client connections on each network socket independently.
+This is primarily controlled via the libvirt daemon master config file in
+``/etc/libvirt/libvirtd.conf``. Each of the libvirt sockets can
+have its authentication mechanism configured independently. There is
+currently a choice of ``none``, ``polkit``, and ``sasl``.
+The SASL scheme can be further configured to choose between a large
+number of different mechanisms.
+
+UNIX socket permissions/group
+-----------------------------
+
+If libvirt does not contain support for PolicyKit, then access control for
+the UNIX domain socket is done using traditional file user/group ownership
+and permissions. There are 2 sockets, one for full read-write access, the
+other for read-only access. The RW socket will be restricted (mode 0700) to
+only allow the ``root`` user to connect. The read-only socket will
+be open access (mode 0777) to allow any user to connect.
+
+To allow non-root users greater access, the ``libvirtd.conf`` file
+can be edited to change the permissions via the ``unix_sock_rw_perms``,
+config parameter and to set a user group via the ``unix_sock_group``
+parameter. For example, setting the former to mode ``0770`` and the
+latter ``wheel`` would let any user in the wheel group connect to
+the libvirt daemon.
+
+UNIX socket PolicyKit auth
+--------------------------
+
+If libvirt contains support for PolicyKit, then access control options are
+more advanced. The ``auth_unix_rw`` parameter will default to
+``polkit``, and the file permissions will default to ``0777``
+even on the RW socket. Upon connecting to the socket, the client application
+will be required to identify itself with PolicyKit. The default policy for the
+RW daemon socket will require any application running in the current desktop
+session to authenticate using the user's password. This is akin to ``sudo``
+auth, but does not require that the client application ultimately run as root.
+Default policy will still allow any application to connect to the RO socket.
+
+The default policy can be overridden by creating a new policy file in the
+``/etc/polkit-1/rules.d`` directory. Information on the options
+available can be found by reading the ``polkit(8)`` man page. The
+two libvirt actions are named ``org.libvirt.unix.manage`` for full
+management access, and ``org.libvirt.unix.monitor`` for read-only
+access.
+
+As an example, creating ``/etc/polkit-1/rules.d/80-libvirt-manage.rules``
+with the following gives the user ``fred`` full management access
+when accessing from an active local session:
+
+::
+
+   polkit.addRule(function(action, subject) {
+     if (action.id == "org.libvirt.unix.manage" &&
+         subject.local && subject.active && subject.user == "fred") {
+       return polkit.Result.YES;
+     }
+   });
+
+Older versions of PolicyKit used policy files ending with .pkla in the
+local override directory ``/etc/polkit-1/localauthority/50-local.d/``.
+Compatibility with this older format is provided by
+`polkit-pkla-compat <https://pagure.io/polkit-pkla-compat>`_. As an
+example, this gives the user ``fred`` full management access:
+
+::
+
+   [Allow fred libvirt management permissions]
+   Identity=unix-user:fred
+   Action=org.libvirt.unix.manage
+   ResultAny=yes
+   ResultInactive=yes
+   ResultActive=yes
+
+SASL pluggable authentication
+-----------------------------
+
+Libvirt integrates with the ``cyrus-sasl`` library to provide a pluggable
+authentication system using the SASL protocol. SASL can be used in combination
+with libvirtd's TLS or TCP socket listeners. When used with the TCP listener,
+the SASL mechanism is required to provide session encryption in addition to
+authentication. Only a very few SASL mechanisms are able to do this, and of
+those that can do it, only the ``GSSAPI`` plugin is considered acceptably secure
+by modern standards. ``GSSAPI`` is the default mechanism enabled in the libvirt
+SASL configuration. It uses the Kerberos v5 authentication protocol underneath,
+and assuming the Kerberos client/server are configured with modern ciphers
+(AES), it provides strong session encryption capabilities. All other SASL
+mechanisms should only be used with the libvirtd TLS or UNIX socket listeners.
+
+Username/password auth
+~~~~~~~~~~~~~~~~~~~~~~
+
+To provide a simple username/password auth scheme on the libvirt UNIX socket
+or TLS listeners, however, it is possible to use the ``SCRAM`` mechanism, in its
+``SCRAM-SHA-256`` variant. The ``auth_unix_ro``, ``auth_unix_rw``, ``auth_tls``
+config params in ``libvirtd.conf`` can be used to turn on SASL auth in these
+listeners.
+
+Since the libvirt SASL config file defaults to using ``GSSAPI`` (Kerberos), a
+config change is required to enable plain password auth. This is done by
+editing ``/etc/sasl2/libvirt.conf`` to set the ``mech_list``
+parameter to ``scram-sha-256``.
+
+**Note:** previous versions of libvirt suggested ``DIGEST-MD5`` and
+``SCRAM-SHA-1`` mechanisms. **Use of these is strongly discouraged as they are
+not considered secure by modern standards.** It is possible to replace them with
+use of ``SCRAM-SHA-256``, while still using the same password database.
+
+Out of the box, no user accounts are defined, so no clients will be able to
+authenticate on the TCP socket. Adding users and setting their passwords is
+done with the ``saslpasswd2`` command. When running this command it is
+important to tell it that the appname is ``libvirt``. As an example, to add
+a user ``fred``, run
+
+::
+
+   # saslpasswd2 -a libvirt fred
+   Password: xxxxxx
+   Again (for verification): xxxxxx
+
+To see a list of all accounts the ``sasldblistusers2`` command can be used.
+This command expects to be given the path to the libvirt user database, which
+is kept in ``/etc/libvirt/passwd.db``
+
+::
+
+   # sasldblistusers2 -f /etc/libvirt/passwd.db
+   fred@t60wlan.home.berrange.com: userPassword
+
+Finally, to disable a user's access, the ``saslpasswd2`` command can be used
+again:
+
+::
+
+   # saslpasswd2 -a libvirt -d fred
+
+**Note: the SASL ``passwd.db`` file stores passwords in clear text, so
+care should be taken not to let its contents be disclosed to unauthorized
+users.**
+
+GSSAPI/Kerberos auth
+~~~~~~~~~~~~~~~~~~~~
+
+The plain TCP listener of the libvirt daemon defaults to using SASL for
+authentication. The libvirt SASL config also defaults to ``GSSAPI``, so there
+is no need to edit the SASL config when using ``GSSAPI``. If the libvirtd TLS
+or UNIX listeners are used, then the Kerberos session encryption will be
+disabled since it is not required in these scenarios - only the plain TCP
+listener needs encryption.
+
+Some operating systems do not install the SASL kerberos plugin by default. It
+may be necessary to install a sub-package such as ``cyrus-sasl-gssapi``.
+To check whether the Kerberos plugin is installed run the ``pluginviewer``
+program and verify that ``gssapi`` is listed, e.g.:
+
+::
+
+   # pluginviewer
+   ...snip...
+   Plugin "gssapiv2" [loaded],     API version: 4
+   SASL mechanism: GSSAPI, best SSF: 56
+   security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
+   features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
+
+Next it is necessary for the administrator of the Kerberos realm to
+issue a principal for the libvirt server. There needs to be one
+principal per host running the libvirt daemon. The principal should be
+named ``libvirt/full.hostname@KERBEROS.REALM``.  This is
+typically done by running the ``kadmin.local`` command on the
+Kerberos server, though some Kerberos servers have alternate ways of
+setting up service principals.  Once created, the principal should be
+exported to a keytab, copied to the host running the libvirt daemon
+and placed in ``/etc/libvirt/krb5.tab``
+
+::
+
+   # kadmin.local
+   kadmin.local: add_principal libvirt/foo.example.com
+   Enter password for principal "libvirt/foo.example.com@EXAMPLE.COM":
+   Re-enter password for principal "libvirt/foo.example.com@EXAMPLE.COM":
+   Principal "libvirt/foo.example.com@EXAMPLE.COM" created.
+
+   kadmin.local:  ktadd -k /root/libvirt-foo-example.tab libvirt/foo.example.com@EXAMPLE.COM
+   Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/root/libvirt-foo-example.tab.
+   Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/root/libvirt-foo-example.tab.
+   Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type DES with HMAC/sha1 added to keytab WRFILE:/root/libvirt-foo-example.tab.
+   Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/root/libvirt-foo-example.tab.
+
+   kadmin.local: quit
+
+   # scp /root/libvirt-foo-example.tab root@foo.example.com:/etc/libvirt/krb5.tab
+   # rm /root/libvirt-foo-example.tab
+
+Any client application wishing to connect to a Kerberos enabled libvirt server
+merely needs to run ``kinit`` to gain a user principal. This may well
+be done automatically when a user logs into a desktop session, if PAM is set up
+to authenticate against Kerberos.
--- a/docs/best-practices.rst
+++ b/docs/best-practices.rst
@@ -34,4 +34,4 @@ with minimal back-and-forth.
 There is more on this subject, including lots of links to
 background reading on the subject, on `Richard Jones' guide to
 working with open source
-projects <http://people.redhat.com/rjones/how-to-supply-code-to-open-source-projects/>`__.
+projects <https://people.redhat.com/rjones/how-to-supply-code-to-open-source-projects/>`__.
--- a/docs/bindings.html.in
+++ b/docs/bindings.html.in
@@ -1,101 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1 >Bindings for other languages and integration API modules</h1>
-
-    <p>
-      Libvirt supports C and C++ directly, and has bindings available
-      for other languages:
-    </p>
-
-    <ul>
-      <li>
-        <strong>C#</strong>: Arnaud Champion develops
-        <a href="csharp.html">C# bindings</a>.
-      </li>
-     <li>
-        <strong>Go</strong>: Daniel Berrange develops
-        <a href="https://pkg.go.dev/libvirt.org/libvirt-go">Go bindings</a>.
-      </li>
-      <li>
-        <strong>Java</strong>: Daniel Veillard develops
-        <a href="java.html">Java bindings</a>.
-      </li>
-      <li>
-        <strong>OCaml</strong>: Richard Jones develops
-        <a href="https://libvirt.org/ocaml/">OCaml bindings</a>.
-      </li>
-      <li>
-        <strong>Perl</strong>: Daniel Berrange develops
-        <a href="http://search.cpan.org/dist/Sys-Virt/">Perl bindings</a>.
-      </li>
-      <li>
-        <p>
-          <strong>PHP</strong>: Radek Hladik started developing
-          <a href="https://libvirt.org/php">PHP bindings</a> in 2010.
-        </p>
-        <p>
-          In February 2011 the binding development has been moved to the libvirt.org website as
-          libvirt-php project.
-        </p>
-        <p>
-          The project is now maintained by Michal Novotny and it's heavily based
-          on Radek's version. For more information, including
-          information on posting patches to libvirt-php, please refer
-          to the <a href="https://libvirt.org/php">PHP bindings</a> site.
-        </p>
-      </li>
-      <li>
-        <p>
-          <strong>Python</strong>: Libvirt's python bindings are split to a
-          separate <a href="https://gitlab.com/libvirt/libvirt-python">package</a>
-          since version 1.2.0, older versions came with direct support for the
-          Python language.
-        </p>
-        <p>
-          If your libvirt is installed as packages, rather than compiled
-          by you from source code, ensure you have the appropriate
-          package installed.
-        </p>
-        <p>
-          This is named <b>libvirt-python</b> on RHEL/Fedora,
-          <a href="http://packages.ubuntu.com/search?keywords=python-libvirt"><b>python-libvirt</b></a>
-          on Ubuntu, and may be named differently on others.
-        </p>
-        <p>
-          For usage information, see the
-          <a href="python.html">Python API bindings</a> page.
-        </p>
-      </li>
-      <li>
-        <strong>Ruby</strong>: Chris Lalancette develops
-        <a href="https://libvirt.org/ruby/">Ruby bindings</a>.
-      </li>
-    </ul>
-
-    <p>
-      Integration API modules:
-    </p>
-
-    <ul>
-      <li>
-        <strong>D-Bus</strong>: Pavel Hrdina develops
-        <a href="dbus.html">D-Bus API</a>.
-      </li>
-    </ul>
-
-    <p>
-      For information on using libvirt on <strong>Windows</strong>
-      <a href="windows.html">please see the Windows support page</a>.
-    </p>
-
-    <p>
-      Support, requests or help for libvirt bindings are welcome on the
-      <a href="https://www.redhat.com/mailman/listinfo/libvir-list/">mailing list</a>,
-      as usual try to provide enough background information and make sure
-      you use recent version, see the <a href="bugs.html">help page</a>.
-    </p>
-
-  </body>
-</html>
--- a/docs/bindings.rst
+++ b/docs/bindings.rst
@@ -0,0 +1,62 @@
+========================================================
+Bindings for other languages and integration API modules
+========================================================
+
+.. contents::
+
+Libvirt supports C and C++ directly, and has bindings available for
+other languages:
+
+-  **C#**: Arnaud Champion develops `C# bindings <csharp.html>`__.
+
+-  **Go**: Daniel Berrange develops `Go
+   bindings <https://pkg.go.dev/libvirt.org/libvirt-go>`__.
+
+-  **Java**: Daniel Veillard develops `Java bindings <java.html>`__.
+
+-  **OCaml**: Richard Jones develops `OCaml
+   bindings <https://libvirt.org/ocaml/>`__.
+
+-  **Perl**: Daniel Berrange develops `Perl
+   bindings <https://search.cpan.org/dist/Sys-Virt/>`__.
+
+-  **PHP**: Radek Hladik started developing `PHP
+   bindings <https://libvirt.org/php>`__ in 2010.
+
+   In February 2011 the binding development has been moved to the
+   libvirt.org website as libvirt-php project.
+
+   The project is now maintained by Michal Novotny and it's heavily
+   based on Radek's version. For more information, including information
+   on posting patches to libvirt-php, please refer to the `PHP
+   bindings <https://libvirt.org/php>`__ site.
+
+-  **Python**: Libvirt's python bindings are split to a separate
+   `package <https://gitlab.com/libvirt/libvirt-python>`__ since version
+   1.2.0, older versions came with direct support for the Python
+   language.
+
+   If your libvirt is installed as packages, rather than compiled by you
+   from source code, ensure you have the appropriate package installed.
+
+   This is named **libvirt-python** on RHEL/Fedora,
+   `python-libvirt <https://packages.ubuntu.com/search?keywords=python-libvirt>`__
+   on Ubuntu, and may be named differently on others.
+
+   For usage information, see the `Python API bindings <python.html>`__
+   page.
+
+-  **Ruby**: Chris Lalancette develops `Ruby
+   bindings <https://libvirt.org/ruby/>`__.
+
+Integration API modules:
+
+-  **D-Bus**: Pavel Hrdina develops `D-Bus API <dbus.html>`__.
+
+For information on using libvirt on **Windows** `please see the Windows
+support page <windows.html>`__.
+
+Support, requests or help for libvirt bindings are welcome on the
+`mailing list <https://www.redhat.com/mailman/listinfo/libvir-list/>`__,
+as usual try to provide enough background information and make sure you
+use recent version, see the `help page <bugs.html>`__.
--- a/docs/bugs.html.in
+++ b/docs/bugs.html.in
@@ -77,8 +77,8 @@
        tickets against the <code>Fedora</code> product and
        the <code>libvirt</code> component.
        <ul>
-          <li><a href="http://bugzilla.redhat.com/buglist.cgi?component=libvirt&amp;product=Fedora">View Fedora libvirt tickets</a></li>
-          <li><a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Fedora&amp;component=libvirt">New Fedora libvirt ticket</a></li>
+          <li><a href="https://bugzilla.redhat.com/buglist.cgi?component=libvirt&amp;product=Fedora">View Fedora libvirt tickets</a></li>
+          <li><a href="https://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Fedora&amp;component=libvirt">New Fedora libvirt ticket</a></li>
        </ul>
      </li>
      <li>
@@ -87,7 +87,7 @@
          Linux</strong>, enter tickets against the Red Hat Enterprise
          Linux product that you're using (e.g., Red Hat Enterprise
          Linux 6) and the <code>libvirt</code> component.  Red Hat
-          bugzilla has <a href="http://bugzilla.redhat.com">additional guidance</a> about getting support if
+          bugzilla has <a href="https://bugzilla.redhat.com">additional guidance</a> about getting support if
          you are a Red Hat customer.
        </p>
      </li>
--- a/docs/cgroups.html.in
+++ b/docs/cgroups.html.in
@@ -117,21 +117,27 @@ $ROOT
      |
      +- machine-qemu\x2d1\x2dvm1.scope
      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
+      |   +- libvirt
+      |       |
+      |       +- emulator
+      |       +- vcpu0
+      |       +- vcpu1
      |
      +- machine-qemu\x2d2\x2dvm2.scope
      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
+      |   +- libvirt
+      |       |
+      |       +- emulator
+      |       +- vcpu0
+      |       +- vcpu1
      |
      +- machine-qemu\x2d3\x2dvm3.scope
      |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
+      |   +- libvirt
+      |       |
+      |       +- emulator
+      |       +- vcpu0
+      |       +- vcpu1
      |
      +- machine-engineering.slice
      |   |
@@ -148,6 +154,11 @@ $ROOT
          +- machine-lxc\x2d33333\x2dcontainer3.scope
    </pre>

+    <p>
+      Prior libvirt 7.1.0 the topology doesn't have extra
+      <code>libvirt</code> directory.
+    </p>
+
    <h3><a id="currentLayoutGeneric">Non-systemd cgroups layout</a></h3>

    <p>
--- a/docs/coding-style.rst
+++ b/docs/coding-style.rst
@@ -53,13 +53,10 @@ Struct type names
   All structs should have a 'vir' prefix in their typedef name,
   and each following word should have its first letter in
   uppercase. The struct name should be the same as the typedef
-   name with a leading underscore. A second typedef should be
-   given for a pointer to the struct with a 'Ptr' suffix.
-
+   name with a leading underscore.
   ::

     typedef struct _virHashTable virHashTable;
-     typedef virHashTable *virHashTablePtr;
     struct _virHashTable {
         ...
     };
@@ -116,7 +113,7 @@ following to your ~/.vimrc file:
 Or if you don't want to mess your ~/.vimrc up, you can save the
 above into a file called .lvimrc (not .vimrc) located at the root
 of libvirt source, then install a vim script from
-http://www.vim.org/scripts/script.php?script_id=1408, which will
+https://www.vim.org/scripts/script.php?script_id=1408, which will
 load the .lvimrc only when you edit libvirt code.

 Code formatting (especially for new code)
@@ -131,7 +128,7 @@ around operators and keywords:

  indent-libvirt()
  {
-    indent -bad -bap -bbb -bli4 -br -ce -brs -cs -i4 -l75 -lc75 \
+    indent -bad -bap -bbb -bli4 -br -ce -brs -cs -i4 -l100 -lc100 \
           -sbi4 -psl -saf -sai -saw -sbi4 -ss -sc -cdw -cli4 -npcs -nbc \
           --no-tabs "$@"
  }
@@ -141,6 +138,9 @@ further, by piping it through ``expand -i``, since some leading
 TABs can get through. Usually they're in macro definitions or
 strings, and should be converted anyhow.

+The maximum permitted line length is 100 characters, but lines
+should aim to be approximately 80 characters.
+
 Libvirt requires a C99 compiler for various reasons. However, most
 of the code base prefers to stick to C89 syntax unless there is a
 compelling reason otherwise. For example, it is preferable to use
@@ -258,15 +258,15 @@ comment, although use of a semicolon is not currently rejected.
 Curly braces
 ------------

-Omit the curly braces around an ``if``, ``while``, ``for`` etc.
-body only when both that body and the condition itself occupy a
-single line. In every other case we require the braces. This
+Curly braces around an ``if``, ``while``, ``for`` etc. can be omitted if the
+body and the condition itself occupy only a single line.
+In every other case we require the braces. This
 ensures that it is trivially easy to identify a
 single-\ *statement* loop: each has only one *line* in its body.

 ::

-  while (expr)             // single line body; {} is forbidden
+  while (expr)             // single line body; {} is optional
      single_line_stmt();

 ::
@@ -423,11 +423,11 @@ Conditional expressions

 For readability reasons new code should avoid shortening
 comparisons to 0 for numeric types. Boolean and pointer
-comparisions may be shortened. All long forms are okay:
+comparisons may be shortened. All long forms are okay:

 ::

-  virFooPtr foos = NULL;
+  virFoo *foos = NULL;
  size nfoos = 0;
  bool hasFoos = false;

@@ -474,7 +474,7 @@ indentation to track nesting:

 ::

-  #if defined(HAVE_POSIX_FALLOCATE) && !defined(HAVE_FALLOCATE)
+  #if defined(WITH_POSIX_FALLOCATE) && !defined(WITH_FALLOCATE)
  # define fallocate(a, ignored, b, c) posix_fallocate(a, b, c)
  #endif

@@ -711,19 +711,6 @@ does **not** guarantee a NULL-terminated buffer, which makes it
 extremely dangerous to use. Instead, use one of the replacement
 functions provided by libvirt:

-::
-
-  virStrncpy(char *dest, const char *src, size_t n, size_t destbytes)
-
-The first two arguments have the same meaning as for strncpy,
-namely the destination and source of the copy operation. Unlike
-strncpy, the function will always copy exactly the number of bytes
-requested and make sure the destination is NULL-terminated, as the
-source is required to be; sanity checks are performed to ensure
-the size of the destination, as specified by the last argument, is
-sufficient for the operation to succeed. On success, 0 is
-returned; on failure, a value <0 is returned instead.
-
 ::

  virStrcpy(char *dest, const char *src, size_t destbytes)
@@ -936,7 +923,7 @@ ok:
 Although libvirt does not encourage the Linux kernel wind/unwind
 style of multiple labels, there's a good general discussion of the
 issue archived at
-`KernelTrap <http://kerneltrap.org/node/553/2131>`__
+`KernelTrap <https://web.archive.org/web/20130521051957/http://kerneltrap.org/node/553/2131>`__

 When using goto, please use one of these standard labels if it
 makes sense:
@@ -960,3 +947,18 @@ git):
   cleanup:
      /* ... do other stuff ... */
  }
+
+
+XML element and attribute naming
+--------------------------------
+
+New elements and/or attributes should be short and descriptive.
+In general, they should reflect what the feature does instead of
+how exactly it is named in given hypervisor because this creates
+an abstraction that other drivers can benefit from (for instance
+if the same feature is named differently in two hypervisors).
+That is not to say an element or attribute can't have the same
+name as in a hypervisor, but proceed with caution.
+
+Single worded names are preferred, but if more words must be
+used then they shall be joined in camelCase style.
--- a/docs/compiling.html.in
+++ b/docs/compiling.html.in
@@ -1,113 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1><a id="installation">libvirt Installation</a></h1>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="compiling">Compiling a release tarball</a></h2>
-
-    <p>
-      libvirt uses the standard setup/build/install steps and mandates
-      that the build directory is different that the source directory:
-    </p>
-
-    <pre>
-$ xz -c libvirt-x.x.x.tar.xz | tar xvf -
-$ cd libvirt-x.x.x
-$ meson build</pre>
-
-    <p>
-      The <i>meson</i> script can be given options to change its default
-      behaviour.
-    </p>
-
-    <p>
-      To get the complete list of the options run the following command:
-    </p>
-
-    <pre>
-$ meson configure</pre>
-
-    <p>
-      When you have determined which options you want to use (if any),
-      continue the process.
-    </p>
-
-    <p>
-      Note the use of <b>sudo</b> with the <i>ninja install</i> command
-      below.  Using sudo is only required when installing to a location your
-      user does not have write access to.  Installing to a system location
-      is a good example of this.
-    </p>
-
-    <p>
-      If you are installing to a location that your user <i>does</i> have write
-      access to, then you can instead run the <i>ninja install</i> command
-      without putting <b>sudo</b> before it.
-    </p>
-
-    <pre>
-$ meson build <i>[possible options]</i>
-$ ninja -C build
-$ <b>sudo</b> <i>ninja -C build install</i></pre>
-
-    <p>
-      At this point you <b>may</b> have to run ldconfig or a similar utility
-      to update your list of installed shared libs.
-    </p>
-
-    <h2><a id="building">Building from a GIT checkout</a></h2>
-
-    <p>
-      The libvirt build process uses Meson build system. By default when
-      the <code>meson</code> is run from within a GIT checkout, it
-      will turn on -Werror for builds. This can be disabled with
-      --werror=false, but this is not recommended.
-    </p>
-
-    <p>To build &amp; install libvirt to your home
-      directory the following commands can be run:
-    </p>
-
-    <pre>
-$ meson build --prefix=$HOME/usr
-$ ninja -C build
-$ <b>sudo</b> ninja -C build install</pre>
-
-    <p>
-      Be aware though, that binaries built with a custom prefix will not
-      interoperate with OS vendor provided binaries, since the UNIX socket
-      paths will all be different. To produce a build that is compatible
-      with normal OS vendor prefixes, use
-    </p>
-
-    <pre>
-$ meson build -Dsystem=true
-$ ninja -C build
-    </pre>
-
-    <p>
-      When doing this for day-to-day development purposes, it is recommended
-      not to install over the OS vendor provided binaries. Instead simply
-      run libvirt directly from the source tree. For example to run
-      a privileged libvirtd instance
-    </p>
-
-    <pre>
-$ su -
-# service libvirtd stop  (or systemctl stop libvirtd.service)
-# /home/to/your/checkout/src/libvirtd
-    </pre>
-
-    <p>
-      It is also possible to run virsh directly from the source tree
-      using the ./run script (which sets some environment variables):
-    </p>
-
-    <pre>
-$ ./run ./tools/virsh ....
-    </pre>
-  </body>
-</html>
--- a/docs/compiling.rst
+++ b/docs/compiling.rst
@@ -0,0 +1,100 @@
+====================
+libvirt Installation
+====================
+
+.. contents::
+
+Compiling a release tarball
+---------------------------
+
+libvirt uses the standard setup/build/install steps and mandates that
+the build directory is different from the source directory:
+
+::
+
+   $ xz -dc libvirt-x.x.x.tar.xz | tar xvf -
+   $ cd libvirt-x.x.x
+   $ meson build
+
+The *meson* script can be given options to change its default behaviour.
+
+**Note:** Please ensure that you have the appropriate minimal ``meson`` version
+installed in your build environment. The minimal version for a specific package
+can be checked in the top level ``meson.build`` file in the ``meson_version``
+field.
+
+To get the complete list of the options run the following command:
+
+::
+
+   $ meson configure
+
+When you have determined which options you want to use (if any),
+continue the process.
+
+Note the use of **sudo** with the *ninja install* command below. Using
+sudo is only required when installing to a location your user does not
+have write access to. Installing to a system location is a good example
+of this.
+
+If you are installing to a location that your user *does* have write
+access to, then you can instead run the *ninja install* command without
+putting **sudo** before it.
+
+::
+
+   $ meson build [possible options]
+   $ ninja -C build
+   $ sudo ninja -C build install
+
+At this point you **may** have to run ldconfig or a similar utility to
+update your list of installed shared libs.
+
+Building from a GIT checkout
+----------------------------
+
+The libvirt build process uses Meson build system. By default when the
+``meson`` is run from within a GIT checkout, it will turn on -Werror for
+builds. This can be disabled with --werror=false, but this is not
+recommended.
+
+To build & install libvirt to your home directory the following commands
+can be run:
+
+::
+
+   $ meson build --prefix=$HOME/usr
+   $ ninja -C build
+   $ sudo ninja -C build install
+
+Be aware though, that binaries built with a custom prefix will not
+interoperate with OS vendor provided binaries, since the UNIX socket
+paths will all be different. To produce a build that is compatible with
+normal OS vendor prefixes, use
+
+::
+
+   $ meson build -Dsystem=true
+   $ ninja -C build
+
+
+When doing this for day-to-day development purposes, it is recommended
+not to install over the OS vendor provided binaries. Instead simply run
+libvirt directly from the source tree. For example to run a privileged
+libvirtd instance
+
+::
+
+   $ su -
+   # service libvirtd stop  (or systemctl stop libvirtd.service)
+   # /home/to/your/checkout/build/src/libvirtd
+
+
+It is also possible to run virsh directly from the build tree using the
+./run script (which sets some environment variables):
+
+::
+
+   $ pwd
+   /home/to/your/checkout/build
+   $ ./run ./tools/virsh ....
--- a/docs/contact.html.in
+++ b/docs/contact.html.in
@@ -98,7 +98,7 @@
    <h2><a id="irc">IRC discussion</a></h2>

    <p>
-      Some of the libvirt developers may be found on IRC on the <a href="http://oftc.net">OFTC IRC</a>
+      Some of the libvirt developers may be found on IRC on the <a href="https://oftc.net">OFTC IRC</a>
      network. Use the settings:
    </p>
    <ul>
--- a/docs/contribute.html.in
+++ b/docs/contribute.html.in
@@ -6,7 +6,7 @@

    <p>
      This page provides guidance on how to contribute to the
-      libvirt project
+      libvirt project.
    </p>

    <ul id="toc"></ul>
@@ -74,11 +74,11 @@
        who distribute libvirt may wish to propose a person to
        be part of the security handling team, to get early access
        to information about forthcoming vulnerability fixes.</li>
-      <li><strong>Evangalism</strong>. Work done by the project is of no benefit
+      <li><strong>Evangelism</strong>. Work done by the project is of no benefit
        unless the (potential) user community knows that it
        exists. Thus it is critically important to the health
        and future growth of the project, that there are a people
-        who evangalise the work created by the project. This can
+        who evangelize the work created by the project. This can
        take many forms, writing blog posts (about usage of features,
        personal user experiences, areas for future work, and more),
        syndicating docs and blogs via social media, giving user
@@ -91,7 +91,7 @@
        to obtain support, it is common to rely on community help
        forums such as <a href="contact.html#email">libvirt users
          mailing list</a>, or sites such as
-        <a href="http://stackoverflow.com/questions/tagged/libvirt">stackoverflow.</a>
+        <a href="https://stackoverflow.com/questions/tagged/libvirt">stackoverflow.</a>
        People who are familiar with libvirt and have ability &amp;
        desire to help other users are encouraged to participate in
        these help forums.</li>
@@ -131,7 +131,7 @@

    <p>
      Since 2016, the libvirt project directly participates as an
-      organization in the <a href="http://wiki.libvirt.org/page/Google_Summer_of_Code_Ideas">Google Summer of Code program</a>. Prior to
+      organization in the <a href="https://wiki.libvirt.org/page/Google_Summer_of_Code_Ideas">Google Summer of Code program</a>. Prior to
      this the project had a number of students in the program
      via a joint application with the QEMU project. People are
      encouraged to look at both the libvirt and QEMU programs
--- a/docs/csharp.html.in
+++ b/docs/csharp.html.in
@@ -32,7 +32,7 @@
    <h2><a id="git">GIT source repository</a></h2>
    <p>
      The C# bindings source code is maintained in a <a
-      href="http://git-scm.com/">git</a> repository available on
+      href="https://git-scm.com/">git</a> repository available on
      <a href="https://gitlab.com/libvirt/libvirt-csharp">gitlab.com</a>:
    </p>

--- a/docs/daemons.rst
+++ b/docs/daemons.rst
@@ -512,7 +512,7 @@ other end of which are owned by the ``virtlogd`` daemon. It will then write
 data on those pipes to log files, while enforcing a maximum file size and
 performing log rollover at the size limit.

-Since the daemon holds open anoymous pipe file descriptors, it must never be
+Since the daemon holds open anonymous pipe file descriptors, it must never be
 stopped while any QEMU virtual machines are running. To enable software updates
 to be applied, the daemon is capable of re-executing itself while keeping all
 file descriptors open. This can be triggered by sending the daemon ``SIGUSR1``
@@ -605,7 +605,7 @@ images and devices serving as backing storage for virtual disks. The locks
 will be held for as long as there is a QEMU process running with the disk
 open.

-To ensure continuity of locking, the daemon holds open anoymous file
+To ensure continuity of locking, the daemon holds open anonymous file
 descriptors, it must never be stopped while any QEMU virtual machines are
 running. To enable software updates to be applied, the daemon is capable of
 re-executing itself while keeping all file descriptors open. This can be
--- a/docs/docs.html.in
+++ b/docs/docs.html.in
@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE html>
 <html xmlns="http://www.w3.org/1999/xhtml">
-  <body class="docs">
+  <body id="docs">
+    <h1>Documentation</h1>
    <div class="panel">
      <h2>Deployment / operation</h2>

@@ -48,7 +49,7 @@
        <dt><a href="nss.html">NSS module</a></dt>
        <dd>Enable domain host name translation to IP addresses</dd>

-        <dt><a href="http://wiki.libvirt.org/page/FAQ">FAQ</a></dt>
+        <dt><a href="https://wiki.libvirt.org/page/FAQ">FAQ</a></dt>
        <dd>Frequently asked questions</dd>
      </dl>

@@ -85,7 +86,7 @@
          <a href="https://pkg.go.dev/libvirt.org/libvirt-go">go</a>,
          <a href="java.html">java</a>,
          <a href="https://libvirt.org/ocaml/">ocaml</a>,
-          <a href="http://search.cpan.org/dist/Sys-Virt/">perl</a>,
+          <a href="https://search.cpan.org/dist/Sys-Virt/">perl</a>,
          <a href="python.html">python</a>,
          <a href="php.html">php</a>,
          <a href="https://libvirt.org/ruby/">ruby</a>
@@ -125,7 +126,7 @@
        <dt><a href="hvsupport.html">Driver support</a></dt>
        <dd>matrix of API support per hypervisor per release</dd>

-        <dt><a href="kbase.html">Knowledge Base</a></dt>
+        <dt><a href="kbase/index.html">Knowledge Base</a></dt>
        <dd>Task oriented guides to key features</dd>
      </dl>
    </div>
--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@@ -564,7 +564,7 @@

    <p>
      For more details about contents of maintenance releases, see
-      <a href="http://wiki.libvirt.org/page/Maintenance_Releases">the
+      <a href="https://wiki.libvirt.org/page/Maintenance_Releases">the
      wiki page</a>.
    </p>

@@ -601,5 +601,55 @@ git clone git://libvirt.org/[module name].git</pre>
 <a href="https://github.com/libvirt/">https://github.com/libvirt/</a>
 <a href="https://gitlab.com/libvirt/libvirt">https://gitlab.com/libvirt/</a></pre>

+    <h2><a id="keys">Signing keys</a></h2>
+
+    <p>
+      Source RPM packages and tarballs for libvirt and libvirt-python published
+      on this project site are signed with a GPG signature. You should always
+      verify the package signature before using the source to compile binary
+      packages. The following key is currently used to generate the GPG
+      signatures:
+    </p>
+    <pre>
+pub  4096R/10084C9C 2020-07-20 Jiří Denemark &lt;jdenemar@redhat.com&gt;
+Fingerprint=453B 6531 0595 5628 5547  1199 CA68 BE80 1008 4C9C
+</pre>
+
+    <p>
+      Releases prior to libvirt-6.6 were signed with the following GPG key:
+    </p>
+
+    <pre>
+pub   dsa1024 2000-05-31 [SC]
+C744 15BA 7C9C 7F78 F02E  1DC3 4606 B8A5 DE95 BC1F
+uid           [ unknown] Daniel Veillard (Red Hat work email) &lt;veillard@redhat.com&gt;
+uid           [ unknown] Daniel Veillard &lt;Daniel.Veillard@w3.org&gt;
+    </pre>
+
+    <pre>
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+Starting from libvirt-6.6.0 the upstream releases will be done by Jiří Denemark
+signed with his PGP key:
+
+pub  4096R/10084C9C 2020-07-20 Jiří Denemark &lt;jdenemar@redhat.com&gt;
+Fingerprint=453B 6531 0595 5628 5547  1199 CA68 BE80 1008 4C9C
+
+This message is signed by the old signing key which was used for previous
+releases.
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAEBCAAdFiEE20ZoG7ka3OoXD6LUFViLJllr6l0FAl/8H9cACgkQFViLJllr
+6l3iVwgAm9n703/QoIfPbxT5qGQzWK6LNriEcG2R9MLgFcW+UuGA9cqIBLhH1RaJ
+q7Gc3gK0dgE2HAF6DxuG5+nkDY6LdmonLOVFWQkMCh41JHFrV6tw8y9hc/RNOb/m
+gFAl4HpwYisjTRvsTRcpR3ElK6lI0Yu4GY4gJxj5qH4L5exR+kkylwuAxqP+wuyY
+b/L/tP76F4+Q9SSPj0M01NRVC7V8m3yvnok5y374vtxvRFome0WMELn81vphxBLx
+X7LQ1LyjvRs0HhN5MutJES5FYDzArTYZfZJozJgE465XrHxMMCbXbZ/AgAs/aD+5
+x+m2mFplbS57tMEoMBP/ezbbL5wpvA==
+=KnaO
+-----END PGP SIGNATURE-----
+    </pre>
+
  </body>
 </html>
--- a/docs/drvbhyve.html.in
+++ b/docs/drvbhyve.html.in
@@ -28,7 +28,7 @@ $
 </pre>

 <p>
-Additional information on bhyve could be obtained on <a href="http://bhyve.org/">bhyve.org</a>.
+Additional information on bhyve could be obtained on <a href="https://bhyve.org/">bhyve.org</a>.
 </p>

 <h2><a id="uri">Connections to the Bhyve driver</a></h2>
@@ -232,8 +232,8 @@ Then <code>virsh console</code> command can be used to connect to the text conso
 of a guest.</p>

 <p><b>NB:</b> Some versions of bhyve have a bug that prevents guests from booting
-until the console is opened by a client. This bug was fixed in FreeBSD
-<a href="http://svnweb.freebsd.org/changeset/base/262884">r262884</a>. If
+until the console is opened by a client. This bug was fixed in
+<a href="https://svnweb.freebsd.org/changeset/base/262884">FreeBSD changeset r262884</a>. If
 an older version is used, one either has to open a console manually with <code>virsh console</code>
 to let a guest boot or start a guest using:</p>

@@ -272,7 +272,9 @@ tweak them.</p>
 <pre>
 # virsh -c "bhyve:///system"  domxml-to-native --format bhyve-argv --xml /path/to/bhyve.xml
 /usr/sbin/bhyveload -m 214 -d /home/user/vm1.img vm1
-/usr/sbin/bhyve -c 2 -m 214 -A -I -H -P -s 0:0,hostbridge -s 3:0,virtio-net,tap0,mac=52:54:00:5d:74:e3 -s 2:0,virtio-blk,/home/user/vm1.img -s 1,lpc -l com1,/dev/nmdm0A vm1
+/usr/sbin/bhyve -c 2 -m 214 -A -I -H -P -s 0:0,hostbridge \
+    -s 3:0,virtio-net,tap0,mac=52:54:00:5d:74:e3 -s 2:0,virtio-blk,/home/user/vm1.img \
+    -s 1,lpc -l com1,/dev/nmdm0A vm1
 </pre>

 <h3><a id="zfsvolume">Using ZFS volumes</a></h3>
@@ -389,13 +391,38 @@ it with the <code>port</code> attribute):</p>
    &lt;graphics type='vnc' autoport='yes'&gt;
 </pre>

+<p><span class="since">Since 6.8.0</span>, it's possible to set framebuffer resolution
+using the <code>resolution</code> sub-element:</p>
+
+<pre>
+   &lt;video&gt;
+     &lt;model type='gop' heads='1' primary='yes'&gt;
+       &lt;resolution x='800' y='600'/&gt;
+     &lt;/model&gt;
+   &lt;/video&gt;
+</pre>
+
+<p><span class="since">Since 6.8.0</span>, VNC server can be configured to use
+password based authentication:</p>
+
+<pre>
+  &lt;graphics type='vnc' port='5904' passwd='foobar'&gt;
+    &lt;listen type='address' address='127.0.0.1'/&gt;
+  &lt;/graphics&gt;
+</pre>
+
+<p>Note: VNC password authentication is known to be cryptographically weak.
+Additionally, the password is passed as a command line argument in clear text.
+Make sure you understand the risks associated with this feature before using it.</p>
+
 <h3><a id="clockconfig">Clock configuration</a></h3>

 <p>Originally bhyve supported only localtime for RTC. Support for UTC time was introduced in
-<a href="http://svnweb.freebsd.org/changeset/base/284894">r284894</a> for <i>10-STABLE</i> and
-in <a href="http://svnweb.freebsd.org/changeset/base/279225">r279225</a> for <i>-CURRENT</i>.
-It's possible to use this in libvirt <span class="since">since 1.2.18</span>, just place the
-following to domain XML:</p>
+<a href="https://svnweb.freebsd.org/changeset/base/284894">FreeBSD changeset r284894</a>
+for <i>10-STABLE</i> and
+in <a href="https://svnweb.freebsd.org/changeset/base/279225">changeset r279225</a>
+for <i>-CURRENT</i>. It's possible to use this in libvirt <span class="since">since 1.2.18</span>,
+just place the following to domain XML:</p>

 <pre>
 &lt;domain type="bhyve"&gt;
@@ -419,8 +446,8 @@ you'll need to explicitly specify 'localtime' in this case:</p>

 <h3><a id="e1000">e1000 NIC</a></h3>

-<p>As of <a href="https://svnweb.freebsd.org/changeset/base/302504">r302504</a> bhyve
-supports Intel e1000 network adapter emulation. It's supported in libvirt
+<p>As of <a href="https://svnweb.freebsd.org/changeset/base/302504">FreeBSD changeset r302504</a>
+bhyve supports Intel e1000 network adapter emulation. It's supported in libvirt
 <span class="since">since 3.1.0</span> and could be used as follows:</p>

 <pre>
@@ -432,6 +459,50 @@ supports Intel e1000 network adapter emulation. It's supported in libvirt
 ...
 </pre>

+<h3><a id="sound">Sound device</a></h3>
+
+<p>As of <a href="https://svnweb.freebsd.org/changeset/base/349355">FreeBSD changeset r349355</a>
+bhyve supports sound device emulation. It's supported in libvirt
+<span class="since">since 6.7.0</span>.</p>
+
+<pre>
+...
+  &lt;sound model='ich7'&gt;
+    &lt;audio id='1'/&gt;
+  &lt;/sound&gt;
+  &lt;audio id='1' type='oss'&gt;
+    &lt;input dev='/dev/dsp0'/&gt;
+    &lt;output dev='/dev/dsp0'/&gt;
+  &lt;/audio&gt;
+...
+</pre>
+
+<p>Here, the <code>sound</code> element specifies the sound device as it's exposed
+to the guest, with <code>ich7</code> being the only supported model now,
+and the <code>audio</code> element specifies how the guest device is mapped
+to the host sound device.</p>
+
+<h3><a id="fs-9p">Virtio-9p filesystem</a></h3>
+
+<p>As of <a href="https://svnweb.freebsd.org/changeset/base/366413">FreeBSD changeset r366413</a>
+bhyve supports sharing arbitrary directory tree between the guest and the host.
+It's supported in libvirt <span class="since">since 6.9.0</span>.</p>
+
+<pre>
+...
+  &lt;filesystem&gt;
+    &lt;source dir='/shared/dir'/&gt;
+    &lt;target dir='shared_dir'/&gt;
+  &lt;/filesystem&gt;
+...
+</pre>
+
+<p>This share could be made read only by adding the <code>&lt;readonly/&gt;</code> sub-element.</p>
+
+<p>In the Linux guest, this could be mounted using:</p>
+
+<pre>mount -t 9p shared_dir /mnt/shared_dir</pre>
+
 <h3><a id="wired">Wiring guest memory</a></h3>

 <p><span class="since">Since 4.4.0</span>, it's possible to specify that guest memory should
@@ -450,7 +521,8 @@ be wired and cannot be swapped out as follows:</p>

 <p><span class="since">Since 4.5.0</span>, it's possible to specify guest CPU topology, if bhyve
 supports that. Support for specifying guest CPU topology was added to bhyve in
-<a href="http://svnweb.freebsd.org/changeset/base/332298">r332298</a> for <i>-CURRENT</i>.
+<a href="https://svnweb.freebsd.org/changeset/base/332298">FreeBSD changeset r332298</a>
+for <i>-CURRENT</i>.
 Example:</p>
 <pre>
 &lt;domain type="bhyve"&gt;
--- a/docs/drvesx.html.in
+++ b/docs/drvesx.html.in
@@ -15,7 +15,7 @@

    <ul>
      <li>
-        The <a href="http://www.vmware.com/">VMware ESX and GSX</a>
+        The <a href="https://www.vmware.com/">VMware ESX and GSX</a>
        hypervisors
      </li>
    </ul>
@@ -26,11 +26,11 @@
        preparations are required on the server side, no libvirtd must be
        installed on the ESX server. The driver uses version 2.5 of the remote,
        SOAP based
-        <a href="http://www.vmware.com/support/developer/vc-sdk/visdk25pubs/ReferenceGuide/">
+        <a href="https://www.vmware.com/support/developer/vc-sdk/visdk25pubs/ReferenceGuide/">
        VMware Virtual Infrastructure API</a> (VI API) to communicate with the
        ESX server, like the VMware Virtual Infrastructure Client (VI client)
        does. Since version 4.0 this API is called
-        <a href="http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/ReferenceGuide/">
+        <a href="https://www.vmware.com/support/developer/vc-sdk/visdk400pubs/ReferenceGuide/">
        VMware vSphere API</a>.
    </p>

@@ -221,7 +221,7 @@ vpx://example-vcenter.com/folder1/dc1/folder2/example-esx.com
        using the CA certificate pool installed on your client computer. With
        an out-of-the-box installed ESX server this won't work, because a newly
        installed ESX server uses auto-generated self-signed certificates.
-        Those are singed by a CA certificate that is typically not known to your
+        Those are signed by a CA certificate that is typically not known to your
        client computer and libvirt will report an error like this one:
    </p>
 <pre>
@@ -239,7 +239,7 @@ error: internal error curl_easy_perform() returned an error: Peer certificate ca
            Generate new SSL certificates signed by a CA known to your client
            computer and replace the original ones on your ESX server. See the
            section <i>Replace a Default Certificate with a CA-Signed Certificate</i>
-            in the <a href="http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_server_config.pdf">ESX Configuration Guide</a>
+            in the <a href="https://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_server_config.pdf">ESX Configuration Guide</a>
        </li>
    </ul>

@@ -322,9 +322,9 @@ error: invalid argument in libvirt was built without the 'esx' driver
    </p>


-    <h2><a id="xmlspecial">Specialties in the domain XML config</a></h2>
+    <h2><a id="xmlspecial">Specialities in the domain XML config</a></h2>
    <p>
-        There are several specialties in the domain XML config for ESX domains.
+        There are several specialities in the domain XML config for ESX domains.
    </p>

    <h3><a id="restrictions">Restrictions</a></h3>
@@ -468,7 +468,7 @@ ethernet0.checkMACAddress = "false"
        <dt><code>vmpvscsi</code></dt>
        <dd>
            Special VMware Paravirtual SCSI controller, requires VMware tools inside
-            the guest. See <a href="http://kb.vmware.com/kb/1010398">VMware KB1010398</a>
+            the guest. See <a href="https://kb.vmware.com/kb/1010398">VMware KB1010398</a>
            for details. <span class="since">Since 0.8.3</span>
        </dd>
    </dl>
@@ -510,7 +510,7 @@ ethernet0.checkMACAddress = "false"
        <dt><code>vmxnet</code>, <code>vmxnet2</code>, <code>vmxnet3</code></dt>
        <dd>
            Special VMware VMXnet network card, requires VMware tools inside
-            the guest. See <a href="http://kb.vmware.com/kb/1001805">VMware KB1001805</a>
+            the guest. See <a href="https://kb.vmware.com/kb/1001805">VMware KB1001805</a>
            for details.
        </dd>
        <dt><code>e1000</code></dt>
@@ -796,6 +796,13 @@ Enter administrator password for example-vcenter.com:
        performed the ESX server raises an error and the driver reports it.
    </p>
    <ul>
+        <li>
+            <code>virDomainGetHostname</code>
+        </li>
+        <li>
+            <code>virDomainInterfaceAddresses</code> (only for the
+            <code>VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT</code> source)
+        </li>
        <li>
            <code>virDomainReboot</code>
        </li>
@@ -808,22 +815,22 @@ Enter administrator password for example-vcenter.com:
    <h2><a id="links">Links</a></h2>
    <ul>
        <li>
-            <a href="http://www.vmware.com/support/developer/vc-sdk/">
+            <a href="https://www.vmware.com/support/developer/vc-sdk/">
                VMware vSphere Web Services SDK Documentation
            </a>
        </li>
        <li>
-            <a href="http://www.vmware.com/pdf/esx3_memory.pdf">
+            <a href="https://www.vmware.com/pdf/esx3_memory.pdf">
                The Role of Memory in VMware ESX Server 3
            </a>
        </li>
        <li>
-            <a href="http://www.sanbarrow.com/vmx.html">
+            <a href="https://www.sanbarrow.com/vmx.html">
                VMware VMX config parameters
            </a>
        </li>
        <li>
-            <a href="http://www.vmware.com/pdf/vsp_4_pvscsi_perf.pdf">
+            <a href="https://www.vmware.com/pdf/vsp_4_pvscsi_perf.pdf">
                VMware ESX 4.0 PVSCSI Storage Performance
            </a>
        </li>
--- a/docs/drvhyperv.html.in
+++ b/docs/drvhyperv.html.in
@@ -5,7 +5,7 @@
    <h1>Microsoft Hyper-V hypervisor driver</h1>
    <ul id="toc"></ul>
    <p>
-        The libvirt Microsoft Hyper-V driver can manage Hyper-V 2008 R2 and newer.
+        The libvirt Microsoft Hyper-V driver can manage Hyper-V 2012 R2 and newer.
    </p>


@@ -112,4 +112,39 @@ winrm set winrm/config/service @{AllowUnencrypted="true"}
 </pre>


+    <h2><a id="versions">Version Numbers</a></h2>
+    <p>
+        Since Microsoft's build numbers are almost always over 1000, this driver
+        needs to pack the value differently compared to the format defined by
+        <code>virConnectGetVersion</code>.
+        To preserve all of the digits, the following format is used:
+    </p>
+    <pre>major * 100000000 + minor * 1000000 + micro</pre>
+    <p>
+        This results in <code>virsh version</code> producing unexpected output.
+    </p>
+    <table class="top_table">
+        <thead>
+            <th>Windows Release</th>
+            <th>Kernel Version</th>
+            <th>libvirt Representation</th>
+        </thead>
+        <tr>
+            <td>Windows Server 2012 R2</td>
+            <td>6.3.9600</td>
+            <td>603.9.600</td>
+        </tr>
+        <tr>
+            <td>Windows Server 2016</td>
+            <td>10.0.14393</td>
+            <td>1000.14.393</td>
+        </tr>
+        <tr>
+            <td>Windows Server 2019</td>
+            <td>10.0.17763</td>
+            <td>1000.17.763</td>
+        </tr>
+    </table>
+
+
 </body></html>
--- a/docs/drvlxc.html.in
+++ b/docs/drvlxc.html.in
@@ -75,7 +75,7 @@ would use the following XML
 <p>
 When the container "init" process is started, it will be given several useful
 environment variables. The following standard environment variables are mandated
-by <a href="http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface">systemd container interface</a>
+by <a href="https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface">systemd container interface</a>
 to be provided by all container technologies on Linux.
 </p>

@@ -281,6 +281,16 @@ causes libvirt to activate the user namespace feature.
 </p>


+<h2><a id="configFiles">Location of configuration files</a></h2>
+
+<p>
+The LXC driver comes with sane default values. However, during its
+initialization it reads a configuration file which offers system
+administrator to override some of that default. The file is located
+under <code>/etc/libvirt/lxc.conf</code>
+</p>
+
+
 <h2><a id="activation">Systemd Socket Activation Integration</a></h2>

 <p>
--- a/docs/drvnodedev.html.in
+++ b/docs/drvnodedev.html.in
@@ -20,11 +20,10 @@
      (<code>virsh nodedev-create</code>, <code>virsh nodedev-destroy</code>)
      which are meant to be used to create virtual devices, currently only
      supported by NPIV
-      (<a href="http://wiki.libvirt.org/page/NPIV_in_libvirt">more info about NPIV)</a>).
+      (<a href="https://wiki.libvirt.org/page/NPIV_in_libvirt">more info about NPIV)</a>).
      Devices on the host system are arranged in a tree-like hierarchy, with
      the root node being called <code>computer</code>. The node device driver
-      supports two backends to manage the devices, HAL and udev, with the former
-      being deprecated in favour of the latter.
+      supports udev backend (HAL backend was removed in <code>6.8.0</code>).
    </p>

    <p>
@@ -140,12 +139,12 @@

    <h3><a id="MDEVCap">MDEV capability</a></h3>
    <p>
-      A PCI device capable of creating mediated devices will include a nested
+      A device capable of creating mediated devices will include a nested
      capability <code>mdev_types</code> which enumerates all supported mdev
      types on the physical device, along with the type attributes available
      through sysfs. A detailed description of the XML format for the
      <code>mdev_types</code> capability can be found
-      <a href="formatnode.html#MDEVCap">here</a>.
+      <a href="formatnode.html#MDEVTypesCap">here</a>.
    </p>
    <p>
      The following example shows how we might represent an NVIDIA GPU device
--- a/docs/drvopenvz.html.in
+++ b/docs/drvopenvz.html.in
@@ -19,7 +19,7 @@

    <ul>
      <li>
-        The <a href="http://openvz.org/">OpenVZ</a> Linux container
+        The <a href="https://openvz.org/">OpenVZ</a> Linux container
        system
      </li>
    </ul>
@@ -54,7 +54,7 @@ openvz+ssh://root@example.com/system (remote access, SSH tunnelled)
    <p>
    One or more of the physical devices must be attached to a bridge. The
    process for this varies according to the operating system in use, so
-    for up to date notes consult the <a href="http://wiki.libvirt.org">Wiki</a>
+    for up to date notes consult the <a href="https://wiki.libvirt.org">Wiki</a>
    or your operating system's networking documentation. The basic idea is
    that the host OS should end up with a bridge device "br0" containing a
    physical device "eth0", or a bonding device "bond0".
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -73,6 +73,8 @@ qemu+ssh://root@example.com/system   (remote access, SSH tunnelled)
      registered &amp; be running an instance of the event loop. To open
      the driver in embedded mode the app use the new URI path and specify
      a virtual root directory under which the driver will create content.
+      The path to the root directory must be absolute. Passing a relative
+      path results in an error.
    </p>

    <pre>
@@ -158,8 +160,49 @@ qemu+ssh://root@example.com/system   (remote access, SSH tunnelled)
      in mind, applications must <strong>NEVER</strong> invoke API
      calls from the event loop thread itself, only other threads.
      Not following this rule will lead to deadlocks in the API.
-      This restriction is intended to be lifted in a future release
-      of libvirt, once QMP processing moves to a dedicated thread.
+      This restriction was lifted starting from 6.2.0 release, when
+      QMP processing moved to a dedicated thread. However, it is
+      important to let the event loop run after each API call, even
+      the ones made from the event loop thread itself.
+    </p>
+
+    <h2><a id="configFiles">Location of configuration files</a></h2>
+
+    <p>
+      The QEMU driver comes with sane default values. However, during its
+      initialization it reads a configuration file which offers system
+      administrator or an user to override some of that default. The location
+      of the file depends on the connection URI, as follows:
+    </p>
+
+    <table>
+      <tr>
+        <td><code>qemu:///system</code></td>
+        <td><code>/etc/libvirt/qemu.conf</code></td>
+      </tr>
+      <tr>
+        <td><code>qemu:///session</code></td>
+        <td><code>$XDG_CONFIG_HOME/libvirt/qemu.conf</code></td>
+      </tr>
+      <tr>
+        <td><code>qemu:///embed</code></td>
+        <td><code>$rootdir/etc/qemu.conf</code></td>
+      </tr>
+    </table>
+
+    <p>
+      If <code>$XDG_CONFIG_HOME</code> is not set in the environment, it
+      defaults to <code>$HOME/.config</code>. For the embed URI the
+      <code>$rootdir</code> represents the specified root directory from
+      the connection URI.
+    </p>
+
+    <p>
+      Please note, that it is very likely that the only qemu.conf file that
+      will exist after installing libvirt is the
+      <code>/etc/libvirt/qemu.conf</code>, if users of the session daemon or
+      the embed driver want to override a built in value, then they need to
+      create the file before connecting to the respective URI.
    </p>

    <h2><a id="security">Driver security architecture</a></h2>
--- a/docs/drvvbox.html.in
+++ b/docs/drvvbox.html.in
@@ -13,7 +13,7 @@

    <ul>
      <li>
-        The <a href="http://www.virtualbox.org/">VirtualBox</a>
+        The <a href="https://www.virtualbox.org/">VirtualBox</a>
        hypervisor
      </li>
    </ul>
--- a/docs/drvvirtuozzo.html.in
+++ b/docs/drvvirtuozzo.html.in
@@ -12,7 +12,7 @@
    <h2><a id="project">Project Links</a></h2>
    <ul>
      <li>
-        The <a href="http://www.odin.com/products/virtuozzo/">Virtuozzo</a> Solution.
+        The <a href="https://www.virtuozzo.com/">Virtuozzo</a> Solution.
      </li>
    </ul>

--- a/docs/drvvmware.html.in
+++ b/docs/drvvmware.html.in
@@ -7,23 +7,23 @@
        The libvirt VMware driver should be able to manage any Workstation,
        Player, Fusion version supported by the VMware VIX API. See the
        compatibility list
-        <a href="http://www.vmware.com/support/developer/vix-api/vix110_reference/">here</a>.
+        <a href="https://www.vmware.com/support/developer/vix-api/vix110_reference/">here</a>.
    </p>
    <p>
    This driver uses the "vmrun" utility which is distributed with the VMware VIX API.
    You can download the VIX API
-    from <a href="http://www.vmware.com/support/developer/vix-api/">here</a>.
+    from <a href="https://www.vmware.com/support/developer/vix-api/">here</a>.
    </p>

    <h2><a id="project">Project Links</a></h2>

    <ul>
      <li>
-        The <a href="http://www.vmware.com/">VMware Workstation and
+        The <a href="https://www.vmware.com/">VMware Workstation and
        Player</a> hypervisors
      </li>
      <li>
-        The <a href="http://www.vmware.com/fusion">VMware Fusion</a>
+        The <a href="https://www.vmware.com/fusion">VMware Fusion</a>
        hypervisor
      </li>
    </ul>
--- a/docs/drvxen.html.in
+++ b/docs/drvxen.html.in
@@ -50,6 +50,17 @@ xen+tcp://example.com/system      (remote access, SASl/Kerberos)
 xen+ssh://root@example.com/system (remote access, SSH tunnelled)
 </pre>

+
+    <h2><a id="configFiles">Location of configuration files</a></h2>
+
+    <p>
+      The libxl driver comes with sane default values. However, during its
+      initialization it reads a configuration file which offers system
+      administrator to override some of that default. The file is located
+      under <code>/etc/libvirt/libxl.conf</code>
+    </p>
+
+
    <h2><a id="imex">Import and export of libvirt domain XML configs</a></h2>

    <p>
@@ -154,7 +165,7 @@ vif = [ "mac=00:16:3e:60:36:ba,bridge=virbr0,script=vif-bridge,vifname=vif5.0" ]
      <code>&lt;xen:commandline&gt;</code> describing each argument passed to
      the device model when starting the domain.
    </p>
-    <p>The following example illustrates passing agruments to the QEMU device
+    <p>The following example illustrates passing arguments to the QEMU device
      model that define a floppy drive, which Xen does not support through its
      public APIs:
    </p>
--- a/Show More
+++ b/Show More