Release of libvirt-9.5.0

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

.gitlab-ci.yml

@@ -118,18 +118,18 @@ codestyle_prebuilt_env:
     - .codestyle_job
     - .gitlab_native_build_job_prebuilt_env
   needs:
-    - job: x86_64-opensuse-leap-153-container
+    - job: x86_64-opensuse-leap-15-container
       optional: true
   variables:
-    NAME: opensuse-leap-153
+    NAME: opensuse-leap-15
 
 codestyle_local_env:
   extends:
     - .codestyle_job
     - .gitlab_native_build_job_local_env
   variables:
-    IMAGE: registry.opensuse.org/opensuse/leap:15.3
-    NAME: opensuse-leap-153
+    IMAGE: registry.opensuse.org/opensuse/leap:15.4
+    NAME: opensuse-leap-15
 
 
 # This artifact published by this job is downloaded to push to Weblate
@@ -155,6 +155,7 @@ potfile:
     - meson setup build --werror || (cat build/meson-logs/meson-log.txt && exit 1)
     - ninja -C build libvirt-pot-dep
     - ninja -C build libvirt-pot
+    - ninja -C build libvirt-pot-check
     - cp po/libvirt.pot libvirt.pot
   artifacts:
     expose_as: 'Potfile'

.gitmodules

@@ -1,3 +1,3 @@
 [submodule "keycodemapdb"]
-	path = src/keycodemapdb
+	path = subprojects/keycodemapdb
 	url = https://gitlab.com/keycodemap/keycodemapdb.git

NEWS.rst

@@ -8,17 +8,566 @@ the changes introduced by each of them.
 For a more fine-grained view, use the `git log`_.
 
 
-v8.9.0 (unreleased)
+v9.5.0 (2023-07-03)
 ===================
 
-* **Security**
-
-* **Removed features**
-
 * **New features**
 
+  * qemu: Allow configuring the ``discard-no-unref`` feature of ``qcow2`` driver
+
+    The new ``discard_no_unref`` attribute of the ``disk`` ``driver`` element
+    controls whether the ``qcow2`` driver in qemu unrefs clusters inside the
+    image on discard requests. Disabling cluster unrefing decreases fragmentation
+    of the image.
+
 * **Improvements**
 
+  * qemu: Include maximum physical address size in baseline CPU
+
+    When computing a baseline CPU definition for a set of hosts, we need to
+    include maximum physical address size in the result to make sure it is
+    compatible with all hosts even if their supported physical address sizes
+    differ.
+
+  * conf: Properly handle slots for non-DIMM ``<memory>`` devices
+
+    Memory devices such as ``virtio-mem`` don't need a memory slot as they are
+    PCI devices. ``libvirt`` now properly accounts the memory slots for such
+    devices as well as specifying the ``slots`` attribute of the ``<maxMemory>``
+    element is no longer needed unless DIMM-like devices are to be used.
+
+  * ``passt`` log and port forwarding improvements
+
+    Libvirt now ensures that the ``passt`` helper process can access the
+    configured log file even when it's placed in a directory without permissions.
+
+    The ``<portForward>`` element of a passt-backed interface can now omit the
+    ``address`` attribute as it's enough to specify a ``dev``.
+
+* **Bug fixes**
+
+  * lxc: Allow seeking in ``/proc/meminfo`` to resove failure with new ``procps`` package
+
+    New version of the ``free`` command from ``procps`` package seeks into the
+    ``/proc/meminfo`` file, which was not supported by the instance of the file
+    exposed via LXC causing a failure.
+
+  * qemu: Fix rare race-condition when detaching a device
+
+    The device removal handler callback function didn't re-check the state of
+    the unplug operation after a timeout, which could rarely cause that the
+    device was removed from the VM but not the definition.
+
+  * qemu: Fix NUMA memory allocation logic
+
+    QEMU allocates memory via the emulator thread thus that has to be allowed
+    to access all configured NUMA nodes of the VM rather than just the one where
+    it's supposed to be pinned.
+
+
+  * qemu: Fix setup of ``hostdev`` backed ``<interface>``
+
+    The proper steps to initialize the host device were skipped for interfaces
+    due to a logic bug preventing start of VM which used them.
+
+
+v9.4.0 (2023-06-01)
+===================
+
+* **New features**
+
+  * qemu: Support compression for parallel migration
+
+    QEMU supports parallel migration to be compressed using either zstd or zlib.
+
+* **Improvements**
+
+  * Adapt to musl-1.2.4
+
+    The latest version of musl stopped declaring some symbols that libvirt's
+    test suite used (for redirecting ``stat()`` family of functions), leaving
+    the tests broken. This is now fixed and the test suite works even with the
+    latest version of musl.
+
+  * conf: Introduce ``<address/>`` for virtio-mem and virtio-pmem
+
+    To ensure guest ABI stability, libvirt persists address for memory devices,
+    now including ``virtio-mem`` and ``virtio-pmem``. The address can be also
+    specified by user.
+
+* **Bug fixes**
+
+  * qemu: Account for NVMe disks when calculating memlock limit on hotplug
+
+    When no ``<hard_limit/>`` is set, libvirt still tries to guess a sensible
+    limit for memlock for domains. But this limit was not calculated properly
+    on a hotplug of ``<disk type='nvme'/>``.
+
+  * numa: Deny other memory modes than ``restrictive``` if a memnode is ``restrictive``
+
+    Due to a missing check it was possible to define a domain with incorrect
+    ``<numatune/>``. For instance it was possible to have a ``<memnode
+    mode="restrictive"/>`` and ``<memory/>`` of a different mode. This is now
+    forbidden and if either all ``<memnode/>``-s and ``<memory/>`` have to have
+    ``restrictive`` mode, or none.
+
+  * qemu: Start emulator thread with more generous ``cpuset.mems``
+
+    To ensure memory is allocated only from configured NUMA nodes, libvirt sets
+    up cpuset CGgroup controller, even before QEMU is executed. But this may
+    prevent QEMU from setting affinity of threads that allocate memory. Since
+    these threads are spawned from the emulator thread, the initial set up must
+    be more generous and include union of all host NUMA nodes that are allowed
+    in the domain definition. Once QEMU has allocated all its memory, the
+    emulator thread is restricted further, as it otherwise would be.
+
+
+v9.3.0 (2023-05-02)
+===================
+
+* **New features**
+
+  * qemu: Introduce support for ``igb`` network interface model
+
+    ``igb`` is a successor to the ``e1000e`` network device using PCIe interface.
+    It was introduced in QEMU 8.0
+
+  * qemu: Improve handling of maximum physical address configuration
+
+* **Improvements**
+
+  * qemu: Change default machine type for ARM and RISC-V
+
+    ARM and RISC-V architectures now use the ``virt`` machine type by default.
+    The previous defaults were nearly unusable and had to be overridden in most
+    cases.
+
+  * Improve translatable strings format substitutions
+
+    All translatable error messages with substitution strings were converted to
+    use positional modifiers to allow translators to shuffle around words in
+    the translation. The translations in Weblate were also updated to match.
+
+  * qemu: Improve validation of ``watchdog`` devices
+
+    Certain invalid configurations of ``watchdog`` device are now properly
+    detected:
+
+     - hotplug of always-present platform watchdogs is forbidden
+     - ``iTCO`` watchdog can be configured only once
+     - ``ib700`` watchdog is allowed only on ``i440fx`` machines
+
+  * Improved output of ``virt-host-validate`` on ARM
+
+    Our validation tool now parses the ``IORT`` data on ARM to properly detect
+    presence of SMMU and other features.
+
+* **Bug fixes**
+
+  * qemu: Fix inactive internal snapshots of VM with UEFI firmware
+
+    Recent changes to UEFI firmware handling resulted into breaking support
+    for inactive internal snapshots of VMs with UEFI which historically worked.
+    (Although the intention was to disallow them together with active ones, but
+    the check did not work properly.)
+
+    Preserve existing functionality by allowing such snapshots explicitly.
+
+  * qemu: Properly configure locked memory limit for VMs with ``<disk type='nvme'``
+
+    The NVMe driver in qemu requires some memory to be locked. This was not
+    taken into account in the code which calculates the memory limits based
+    on devices present in the configuration
+
+  * Fix native build on win32
+
+    Various improvements to the build system now allow users to build the client
+    library of libvirt on win32 natively.
+
+  * qemu: Properly detect tray of hotplugged CD-ROM devices
+
+    Media in a CD-ROM device which was hotplugged could not be changed as the
+    presence of the tray was not detected properly on hotplug.
+
+
+v9.2.0 (2023-04-01)
+===================
+
+* **New features**
+
+  * qemu: Add support for QCOW2 formatted firmware
+
+    This type of firmware can be picked up either automatically, if the
+    corresponding JSON descriptor has the highest priority, or manually by
+    using ``<loader format='qcow2'/>`` in the domain XML.
+
+* **Improvements**
+
+  * qemu: Make firmware selection persistent
+
+    Up until now, firmware autoselection has been performed at domain startup
+    time: as a result, changes to the JSON firmware descriptors present on the
+    system could have translated to a different firmware being chosen for
+    subsequent startups of the same domain, potentially rendering it unbootable
+    or lowering the security guarantees. Firmware selection now happens once,
+    when the domain is defined, and its results are stored in the domain XML
+    to be reused, unchanged, for all subsequent boots.
+
+  * qemu: passt now works when SELinux/AppArmor is enabled
+
+    In the case of SELinux, this requires passt-specific support code to be
+    present in the host policy, so it might only work with upcoming operating
+    systems and not with existing ones.
+
+  * xen: Support custom UEFI firmware paths
+
+    The Xen libxl driver now supports specifying a custom UEFI firmware path.
+    Previously the Xen default was used in all cases.
+
+* **Bug fixes**
+
+  * qemu: Fix validation of the HPET timer
+
+    Due to a logic bug introduced in libvirt 9.0.0, VM configurations
+    explicitly enabling the HPET timer were rejected.
+
+  * qemu: Fix thread-context .host-nodes generation
+
+    With new enough QEMU, libvirt instructs QEMU to set affinity of memory
+    allocation threads. But this may have resulted in QEMU being unable to do
+    so, as affinity to NUMA nodes inaccessible to emulator thread might have
+    been requested.
+
+  * rpc: fix typo in admin code generation
+
+    Fix the bug in the remote ``virt-admin`` code generator, that resulted
+    in a crash. Introduced in libvirt 9.1.0.
+
+  * qemu: relax shared memory check for vhostuser daemons
+
+    Fix hotplug of virtiofs ``filesystem`` after restarting libvirtd.
+    Before, libvirtd would incorrectly complain about missing shared
+    memory.
+
+
+v9.1.0 (2023-03-01)
+===================
+
+* **Removed features**
+
+  * vbox: removed support for version 5.2 and 6.0 APIs
+
+    Libvirt no longer supports use of VirtualBox 5.2 and 6.0 since these
+    versions reached their end of life on 2020/07.
+
+* **New features**
+
+  * vbox: added support for version 7.0 API
+
+    Libvirt can now support use of the VirtualBox 7.0, This is compile tested
+    only, so we are looking for feedback from users on how well it works in
+    practice.
+
+  * qemu: Support crypto device
+
+    Support crypto device(virtio crypto only), also add support for QEMU with
+    backend ``builtin`` and ``lkcf``.
+
+  * qemu: added support for pvpanic-pci device
+
+    A pvpanic device can be now defined as a PCI device (the original is an ISA
+    device) with ``<panic model='pvpanic'/>``.
+
+  * qemu: support automatic restart of inadvertently terminated passt process
+
+    If the passt process that is serving as the backend of a -netdev
+    stream is terminated unexpectedly, libvirt now listens to QEMU's
+    notification of this, and starts up a new passt instance, thus
+    preserving network connectivity.
+
+* **Improvements**
+
+  * RPM packaging changes
+
+    The ``libvirt-daemon`` subpackage is split into several new subpackages,
+    allowing installation of a modular daemon configuration without the
+    traditional monolithic libvirtd.
+
+* **Bug fixes**
+
+  * QEMU: iTCO watchdog made operational
+
+    The watchdog was always included when q35 machine type was used, but needed
+    an extra bit of configuration in order to be operational.  This is now done
+    by default when running a QEMU domain with q35 machine type.  This is not a
+    change in the guest ABI, but it is a guest visible behavior change since the
+    watchdog that did not fire before will now fire once used.  To switch to the
+    previous behavior the watchdog action must be set to ``none``.
+
+  * QEMU: fix deleting memory snapshot when deleting external snapshots
+
+    When external snapshot deletion was introduced it did not remove memory
+    snapshot when it existed. In addition when external memory only snapshot
+    was created libvirt failed without producing any error.
+
+  * QEMU: properly report passt startup errors
+
+    Due to how the child passt process was started, the initial
+    support for passt (added in 9.0.0) would not see errors
+    encountered during startup, so libvirt would continue to setup and
+    start the guest; this led to a running guest with no network
+    connectivity.
+
+    (NB: On systems that use them, it is still necessary to disable
+    SELinux/AppArmor to start passt. This is a temporary limitation,
+    and use of the feature in production is strongly discouraged
+    until it has been lifted.)
+
+  * qemu: Fix error when attempting to change media in a CDROM drive
+
+    Due to a logic bug introduced in libvirt-9.0 attempts to change media in a
+    CDROM would previously fail with an error stating that the tray isn't open.
+
+  * qemu: Properly handle block job transitions
+
+    Starting with libvirt-9.0 the block job state machine improperly handled
+    some job transitions, which resulted into some block jobs not being
+    properly terminated. This could cause problems such as errors when
+    detaching a disk after snapshot.
+
+  * virsh: Make domif-setlink work more than once
+
+    There was a bug introduced in the previous release which made ``virsh
+    domif-setlink`` work exactly once over given domain. The bug was fixed and
+    now the command can be run multiple times.
+
+  * qemu: Make domain startup fail if NIC already exists
+
+    When starting a domain with an ``<interface/>`` that's supposed to be
+    managed by libvirt (``managed='yes'``) but corresponding TAP device already
+    exists, report an error and make the startup process fail.
+
+  * qemu: Deal with nested mounts when umount()-ing /dev
+
+    When setting up private ``/dev`` for a domain (also known as ``namespaces``
+    in ``qemu.conf``), libvirt preserves mount points nested under ``/dev``
+    (e.g.  ``/dev/shm``, ``/dev/pts`` and so on). But there was a bug which
+    resulted in inability to construct the namespace when there were two or
+    more filesystems mounted on the same path. This is common scenario with
+    containers and thus the bug was fixed.
+
+  * remote: Pass ``mode`` and ``socket`` URI parameters to virt-ssh-helper
+
+    When connecting to a remote host using SSH transport, ``?mode=`` and
+    ``?socket=`` URI parameters were ignored. This prevented users from
+    connecting to a monolithic daemon running on a remote host.
+
+  * qemu: Various ``swtpm`` related fixes
+
+    There are more cleanups and small bug fixes with regards to emulated
+    ``<tpm/>``. For instance with migration when the ``swtpm`` state is on a
+    shared volume, or seclabel setting/restoring.
+
+
+v9.0.0 (2023-01-16)
+===================
+
+* **New features**
+
+  * QEMU: implement external snapshot deletion
+
+    External snapshot deletion is now possible using the existing API
+    ``virDomainSnapshotDelete()``. Flags that allow deleting children
+    or children only are not supported.
+
+  * QEMU: support passt (https://passt.top)
+
+    passt can be used to connect an emulated network device to the
+    host's network without requiring libvirt to have any sort of
+    elevated privileges. This is configured with::
+
+      <interface type='user'>
+        <backend type='passt'>
+        ...
+
+  * QEMU: add external backend for swtpm
+
+    Connecting the VM to a swtpm daemon started outside of libvirt
+    is now possible.
+
+  * QEMU: Support for passing FDs instead of opening files for `<disk>`
+
+    A new API `virDomainFDAssociate` gives the users the option to pass FDs
+    to libvirt and then use them when starting a VM. Currently the FDs can
+    be used instead of directly opening files as `<disk>` backend.
+
+* **Improvements**
+
+  * qemu: Prefer PNG for domain screenshots
+
+    With sufficiently new QEMU (v7.1.0) screenshots change format from PPM to PNG.
+
+  * tools: Fix install_mode for some scripts
+
+    Scripts from the following list were installed with group write bit set:
+    virt-xml-validate, virt-pki-validate, virt-sanlock-cleanup,
+    libvirt-guests.sh. This was changed so that only the owner is able to write
+    them.
+
+  * qemu: Allow multiple nodes for preferred policy
+
+    Due to restrictions of old kernels and libnuma APIs, the preferred NUMA
+    policy accepted just a single host NUMA node. With recent enough kernel
+    (v5.15.0) and libnuma (v2.0.15) it's possible to set multiple nodes.
+
+  * secret: Inhibit shutdown of daemon for ephemeral secrets
+
+    When an ephemeral secret is defined then automatic shutdown of virtsecretd
+    is inhibited. This is to avoid ephemeral secrets disappearing shortly
+    before their use.
+
+  * qemu: Report Hyper-V Enlightenments in domcapabilities
+
+    The supported Hyper-V Enlightenments are now reported in domain
+    capabilities XML.
+
+* **Bug fixes**
+
+  * Fix NULL-pointer dereference `virXMLPropStringRequired`
+
+    Fix a bug where when parsing a XML property which is required to be present
+    by using `virXMLPropStringRequired` the parser will crash instead of
+    reporting an error.
+
+  * qemu: Init ext devices paths on reconnect
+
+    Paths for external devices are not stored in the status XML. Therefore,
+    when the daemon restarted and was reconnecting to a running domain, these
+    paths were left blank which led to the daemon crash.
+
+  * qemu: Validate arguments passed to `virConnectGetDomainCapabilities`
+
+    There was a code path in which insufficient validation of input arguments
+    of `virConnectGetDomainCapabilities` API was possible which led to the
+    daemon crash. This path is now fixed.
+
+
+v8.10.0 (2022-12-01)
+====================
+
+* **New features**
+
+  * Tool for validating SEV firmware boot measurement of QEMU VMs
+
+    The ``virt-qemu-sev-validate`` program will compare a reported SEV/SEV-ES
+    domain launch measurement, to a computed launch measurement. This
+    determines whether the domain has been tampered with during launch.
+
+  * Support for SGX EPC (enclave page cache)
+
+    Users can add a ``<memory model='sgx-epc'>`` device to launch a VM with
+    ``Intel Software Guard Extensions``.
+
+  * Support migration of vTPM state of QEMU vms on shared storage
+
+    Pass ``--migration`` option if appropriate in order for ``swtpm`` to
+    properly migrate on shared storage.
+
+* **Improvements**
+
+  * Mark close callback (un-)register API as high priority
+
+    High priority APIs use a separate thread pool thus can help in eliminating
+    problems with stuck VMs. Marking the close callback API as high priority
+    allows ``virsh`` to properly connect to the daemon in case the normal
+    priority workers are stuck allowing other high priority API usage.
+
+  * Updated x86 CPU features
+
+    The following features for the x86 platform were added:
+    ``v-vmsave-vmload``, ``vgif``, ``avx512-vp2intersect``, ``avx512-fp16``,
+    ``serialize``, ``tsx-ldtrk``, ``arch-lbr``, ``xfd``, ``intel-pt-lip``,
+    ``avic``, ``sgx``, ``sgxlc``, ``sgx-exinfo``, ``sgx1``, ``sgx2``,
+    ``sgx-debug``, ``sgx-mode64``, ``sgx-provisionkey``, ``sgx-tokenkey``,
+    ``sgx-kss``, ``bus-lock-detect``, ``pks``, ``amx``.
+
+  * Add support for ``hv-avic`` Hyper-V enlightenment
+
+    ``qemu-6.2`` introduced support for the ``hv-avic`` enlightenment which
+    allows to use Hyper-V SynIC with hardware APICv/AVIC enabled.
+
+  * qemu: Run memory preallocation with numa-pinned threads
+
+    Run the thread allocating memory in the proper NUMA node to reduce overhead.
+
+  * RPM packaging changes
+
+    - add optional dependency of ``libvirt-daemon`` on ``libvirt-client``
+
+      The ``libvirt-guests.`` tool requires the ``virsh`` client to work
+      properly, but we don't want to require the installation of the daemon
+      if the tool is not used.
+
+    - relax required ``python3-libvirt`` version for ``libvirt-client-qemu``
+
+      The ``virt-qemu-qmp-proxy`` tool requires python but doesn't strictly
+      need the newest version. Remove the strict versioning requirement in
+      order to prevent cyclic dependency when building.
+
+* **Bug fixes**
+
+  * Skip initialization of ``cache`` capabilities if host doesn't support them
+
+    Hypervisor drivers would fail to initialize on ``aarch64`` hosts with
+    following error ::
+
+      virStateInitialize:657 : Initialisation of cloud-hypervisor state driver failed: no error
+
+    which prevented the startup of the daemon.
+
+  * Allow incoming connections to guests on routed networks w/firewalld
+
+    A change in handling of implicit rules in ``firewalld 1.0.0`` broke
+    incoming connections to VMs when using ``routed`` network. This is fixed
+    by adding a new ``libvirt-routed`` zone configured to once again allow
+    incoming sessions to guests on routed networks.
+
+  * Fix infinite loop in nodedev driver
+
+    Certain udev entries might be of a size that makes libudev emit EINVAL
+    which caused a busy loop burning CPU. Fix it by ignoring the return code.
+
+v8.9.0 (2022-11-01)
+===================
+
+* **New features**
+
+  * Add ``virt-qemu-qmp-proxy`` for emulating a QMP socket for libvirt managed VMs
+
+    ``virt-qemu-qmp-proxy`` tool provides a way to expose an emulated QMP server
+    socket for a VM managed by libvirt. This allows existing QMP-only clients
+    to work with libvirt managed VMs.
+
+    **Note:** libvirt is not interpreting the communication between the tool
+    using the proxy and qemu itself, so any state-changing commands may
+    desynchronize libvirt. Use at your own risk.
+
+  * qemu: Core Scheduling support
+
+    To avoid side channel attacks, the Linux kernel allows creating groups of
+    processes that trust each other and thus can be scheduled to run on
+    hyperthreads of a CPU core at the same time. This is now implemented for
+    QEMU domains too (see ``sched_core`` knob in qemu.conf), although not
+    enabled by default, just yet.
+
+* **Improvements**
+
+  * qemu: Add hypervisor-specific statistics to ``virConnectGetAllDomainStats``
+
+    The new stats group ``VIR_DOMAIN_STATS_VM`` of
+    ``virConnectGetAllDomainStats``, also exposed as ``virsh domstats --vm``,
+    returns hypervisor-specific stats fields for given VM.
+
   * Add ``vendor`` attribute for CPU models in domain capabilities
 
     Users can now see the vendor of each CPU model in domain capabilities and
@@ -37,6 +586,19 @@ v8.9.0 (unreleased)
     The channel and redirect devices supported by the hypervisor are now
     reported in domain capabilities.
 
+  * meson: Bump minimal required meson version
+
+    Newer meson versions deprecate some functions used. These were replaced
+    with their newer counterparts and the minimal required mesion version was
+    bumped to 0.56.0.
+
+  * qemu: Add flags to keep or remove TPM state for ``virDomainUndefineFlags``
+
+    ``VIR_DOMAIN_UNDEFINE_TPM`` and ``VIR_DOMAIN_UNDEFINE_KEEP_TPM`` specify
+    accordingly to delete or keep a TPM's persistent state directory structure
+    and files when undefining a domain. In virsh the flags are exposed as
+    ``--tpm`` and ``--keep-tpm`` for the sub-command ``undefine``.
+
 * **Bug fixes**
 
   * qemu: Disable all blocker features in CPU baseline
@@ -54,6 +616,14 @@ v8.9.0 (unreleased)
     In 8.8.0 release libvirt daemon would crash after it was restarted during
     an active outgoing migration.
 
+  * qemu: Refresh state after restore from a save image
+
+    When a domain is restored from a saved image, libvirt now queries QEMU for
+    those parts of runtime information that were not part of the save image.
+    For instance: MAC address of a macvtap NICs, tray state of CD-ROMs,
+    allocated size of virtio-mem, and others.
+
+
 v8.8.0 (2022-10-03)
 ===================
 
@@ -163,7 +733,7 @@ v8.5.0 (2022-07-01)
   * qemu: Add support for zero-copy migration
 
     With QEMU 7.1.0, libvirt can enable zerocopy for parallel migration. This
-    is implmented by adding a new ``VIR_MIGRATE_ZEROCOPY`` flag(``virsh migrate
+    is implemented by adding a new ``VIR_MIGRATE_ZEROCOPY`` flag(``virsh migrate
     --zerocopy``).
 
   * Introduce thread_pool_min and thread_pool_max attributes to IOThread

build-aux/syntax-check.mk

@@ -203,6 +203,7 @@ sc_prohibit_readlink:
 
 sc_prohibit_gethostname:
 	@prohibit='gethostname *\(' \
+	in_vc_files='\.[ch]$$' \
 	halt='use virGetHostname, not gethostname' \
 	  $(_sc_search_regexp)
 
@@ -387,6 +388,7 @@ msg_gen_function += lxcError
 msg_gen_function += regerror
 msg_gen_function += vah_error
 msg_gen_function += vah_warning
+msg_gen_function += vboxReportError
 msg_gen_function += virGenericReportError
 msg_gen_function += virRaiseError
 msg_gen_function += virReportError
@@ -453,6 +455,11 @@ sc_prohibit_diagnostic_without_format:
 	  { echo 'found diagnostic without %' 1>&2; \
 	    exit 1; } || :
 
+sc_require_permutable_format_in_translation:
+	@prohibit='\<N?_ *\("[^"]*%[^%$$ ]*[a-zA-Z][^"]*"' \
+	halt='non-permutable format string(s)' \
+	  $(_sc_search_regexp)
+
 # The strings "" and "%s" should never be marked for translation.
 # Files under tests/ and examples/ should not be translated.
 sc_prohibit_useless_translation:
@@ -559,6 +566,11 @@ sc_require_enum_last_marker:
 	  { echo 'enum impl needs _LAST marker on second line' 1>&2; \
 	    exit 1; } || :
 
+sc_prohibit_python_without_env:
+	@prohibit='#!/usr/.*/py''thon' \
+	 halt='always call python via /usr/bin/env' \
+	   $(_sc_search_regexp)
+
 # We're intentionally ignoring a few warnings
 #
 # E501: Force breaking lines at < 80 characters results in
@@ -1358,7 +1370,7 @@ exclude_file_name_regexp--sc_prohibit_close = \
   (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/vir(file|event)\.c|src/libvirt-stream\.c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c)|tools/nss/libvirt_nss_(leases|macs)\.c)|tools/virt-qemu-qmp-proxy$$)
 
 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
-  (^tests/(nodedevmdevctl|virhostcpu|virpcitest|virstoragetest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$)
+  (^tests/(nodedevmdevctl|viracpi|virhostcpu|virpcitest|virstoragetest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$)
 
 exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
   (^(src/(util/(vircommand|virdaemon)|lxc/lxc_controller)|tests/testutils)\.c$$)

ci/buildenv/alpine-317.sh

@@ -60,6 +60,7 @@ function install_buildenv() {
         python3 \
         qemu-img \
         readline-dev \
+        rpcgen \
         samurai \
         sed \
         util-linux-dev \

ci/buildenv/centos-stream-9.sh

@@ -68,9 +68,7 @@ function install_buildenv() {
         polkit \
         python3 \
         python3-docutils \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
+        python3-flake8 \
         qemu-img \
         readline-devel \
         rpcgen \
@@ -88,7 +86,6 @@ function install_buildenv() {
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
-    /usr/bin/pip3 install flake8
 }
 
 export CCACHE_WRAPPERSDIR="/usr/libexec/ccache-wrappers"

ci/buildenv/debian-11-cross-aarch64.sh

@@ -88,7 +88,7 @@ function install_buildenv() {
             libyajl-dev:arm64 \
             systemtap-sdt-dev:arm64
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/aarch64-linux-gnu-gcc'\n\
 ar = '/usr/bin/aarch64-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/aarch64-linux-gnu-strip'\n\
@@ -98,7 +98,7 @@ pkgconfig = '/usr/bin/aarch64-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'aarch64'\n\
 cpu = 'aarch64'\n\
-endian = 'little'" > /usr/local/share/meson/cross/aarch64-linux-gnu
+endian = 'little'\n" > /usr/local/share/meson/cross/aarch64-linux-gnu
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc

ci/buildenv/debian-11-cross-armv6l.sh

@@ -87,7 +87,7 @@ function install_buildenv() {
             libyajl-dev:armel \
             systemtap-sdt-dev:armel
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabi-gcc'\n\
 ar = '/usr/bin/arm-linux-gnueabi-gcc-ar'\n\
 strip = '/usr/bin/arm-linux-gnueabi-strip'\n\
@@ -97,7 +97,7 @@ pkgconfig = '/usr/bin/arm-linux-gnueabi-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'arm'\n\
 cpu = 'arm'\n\
-endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabi
+endian = 'little'\n" > /usr/local/share/meson/cross/arm-linux-gnueabi
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc

ci/buildenv/debian-11-cross-armv7l.sh

@@ -88,7 +88,7 @@ function install_buildenv() {
             libyajl-dev:armhf \
             systemtap-sdt-dev:armhf
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabihf-gcc'\n\
 ar = '/usr/bin/arm-linux-gnueabihf-gcc-ar'\n\
 strip = '/usr/bin/arm-linux-gnueabihf-strip'\n\
@@ -98,7 +98,7 @@ pkgconfig = '/usr/bin/arm-linux-gnueabihf-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'arm'\n\
 cpu = 'armhf'\n\
-endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabihf
+endian = 'little'\n" > /usr/local/share/meson/cross/arm-linux-gnueabihf
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc

ci/buildenv/debian-11-cross-i686.sh

@@ -87,7 +87,7 @@ function install_buildenv() {
             libyajl-dev:i386 \
             systemtap-sdt-dev:i386
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/i686-linux-gnu-gcc'\n\
 ar = '/usr/bin/i686-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/i686-linux-gnu-strip'\n\
@@ -97,7 +97,7 @@ pkgconfig = '/usr/bin/i686-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'x86'\n\
 cpu = 'i686'\n\
-endian = 'little'" > /usr/local/share/meson/cross/i686-linux-gnu
+endian = 'little'\n" > /usr/local/share/meson/cross/i686-linux-gnu
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc

ci/buildenv/debian-11-cross-mips64el.sh

@@ -87,7 +87,7 @@ function install_buildenv() {
             libyajl-dev:mips64el \
             systemtap-sdt-dev:mips64el
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/mips64el-linux-gnuabi64-gcc'\n\
 ar = '/usr/bin/mips64el-linux-gnuabi64-gcc-ar'\n\
 strip = '/usr/bin/mips64el-linux-gnuabi64-strip'\n\
@@ -97,7 +97,7 @@ pkgconfig = '/usr/bin/mips64el-linux-gnuabi64-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'mips64'\n\
 cpu = 'mips64el'\n\
-endian = 'little'" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64
+endian = 'little'\n" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc

ci/buildenv/debian-11-cross-mipsel.sh

@@ -87,7 +87,7 @@ function install_buildenv() {
             libyajl-dev:mipsel \
             systemtap-sdt-dev:mipsel
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/mipsel-linux-gnu-gcc'\n\
 ar = '/usr/bin/mipsel-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/mipsel-linux-gnu-strip'\n\
@@ -97,7 +97,7 @@ pkgconfig = '/usr/bin/mipsel-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'mips'\n\
 cpu = 'mipsel'\n\
-endian = 'little'" > /usr/local/share/meson/cross/mipsel-linux-gnu
+endian = 'little'\n" > /usr/local/share/meson/cross/mipsel-linux-gnu
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc

ci/buildenv/debian-11-cross-ppc64le.sh

@@ -87,7 +87,7 @@ function install_buildenv() {
             libyajl-dev:ppc64el \
             systemtap-sdt-dev:ppc64el
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/powerpc64le-linux-gnu-gcc'\n\
 ar = '/usr/bin/powerpc64le-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/powerpc64le-linux-gnu-strip'\n\
@@ -97,7 +97,7 @@ pkgconfig = '/usr/bin/powerpc64le-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'ppc64'\n\
 cpu = 'powerpc64le'\n\
-endian = 'little'" > /usr/local/share/meson/cross/powerpc64le-linux-gnu
+endian = 'little'\n" > /usr/local/share/meson/cross/powerpc64le-linux-gnu
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc

ci/buildenv/debian-11-cross-s390x.sh

@@ -87,7 +87,7 @@ function install_buildenv() {
             libyajl-dev:s390x \
             systemtap-sdt-dev:s390x
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/s390x-linux-gnu-gcc'\n\
 ar = '/usr/bin/s390x-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/s390x-linux-gnu-strip'\n\
@@ -97,7 +97,7 @@ pkgconfig = '/usr/bin/s390x-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 's390x'\n\
 cpu = 's390x'\n\
-endian = 'big'" > /usr/local/share/meson/cross/s390x-linux-gnu
+endian = 'big'\n" > /usr/local/share/meson/cross/s390x-linux-gnu
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc

ci/buildenv/debian-sid-cross-aarch64.sh

@@ -88,7 +88,7 @@ function install_buildenv() {
             libyajl-dev:arm64 \
             systemtap-sdt-dev:arm64
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/aarch64-linux-gnu-gcc'\n\
 ar = '/usr/bin/aarch64-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/aarch64-linux-gnu-strip'\n\
@@ -98,7 +98,7 @@ pkgconfig = '/usr/bin/aarch64-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'aarch64'\n\
 cpu = 'aarch64'\n\
-endian = 'little'" > /usr/local/share/meson/cross/aarch64-linux-gnu
+endian = 'little'\n" > /usr/local/share/meson/cross/aarch64-linux-gnu
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc

ci/buildenv/debian-sid-cross-armv6l.sh

@@ -87,7 +87,7 @@ function install_buildenv() {
             libyajl-dev:armel \
             systemtap-sdt-dev:armel
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabi-gcc'\n\
 ar = '/usr/bin/arm-linux-gnueabi-gcc-ar'\n\
 strip = '/usr/bin/arm-linux-gnueabi-strip'\n\
@@ -97,7 +97,7 @@ pkgconfig = '/usr/bin/arm-linux-gnueabi-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'arm'\n\
 cpu = 'arm'\n\
-endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabi
+endian = 'little'\n" > /usr/local/share/meson/cross/arm-linux-gnueabi
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc

ci/buildenv/debian-sid-cross-armv7l.sh

@@ -88,7 +88,7 @@ function install_buildenv() {
             libyajl-dev:armhf \
             systemtap-sdt-dev:armhf
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabihf-gcc'\n\
 ar = '/usr/bin/arm-linux-gnueabihf-gcc-ar'\n\
 strip = '/usr/bin/arm-linux-gnueabihf-strip'\n\
@@ -98,7 +98,7 @@ pkgconfig = '/usr/bin/arm-linux-gnueabihf-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'arm'\n\
 cpu = 'armhf'\n\
-endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabihf
+endian = 'little'\n" > /usr/local/share/meson/cross/arm-linux-gnueabihf
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc

ci/buildenv/debian-sid-cross-i686.sh

@@ -87,7 +87,7 @@ function install_buildenv() {
             libyajl-dev:i386 \
             systemtap-sdt-dev:i386
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/i686-linux-gnu-gcc'\n\
 ar = '/usr/bin/i686-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/i686-linux-gnu-strip'\n\
@@ -97,7 +97,7 @@ pkgconfig = '/usr/bin/i686-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'x86'\n\
 cpu = 'i686'\n\
-endian = 'little'" > /usr/local/share/meson/cross/i686-linux-gnu
+endian = 'little'\n" > /usr/local/share/meson/cross/i686-linux-gnu
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc

ci/buildenv/debian-sid-cross-mips64el.sh

@@ -87,7 +87,7 @@ function install_buildenv() {
             libyajl-dev:mips64el \
             systemtap-sdt-dev:mips64el
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/mips64el-linux-gnuabi64-gcc'\n\
 ar = '/usr/bin/mips64el-linux-gnuabi64-gcc-ar'\n\
 strip = '/usr/bin/mips64el-linux-gnuabi64-strip'\n\
@@ -97,7 +97,7 @@ pkgconfig = '/usr/bin/mips64el-linux-gnuabi64-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'mips64'\n\
 cpu = 'mips64el'\n\
-endian = 'little'" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64
+endian = 'little'\n" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc

ci/buildenv/debian-sid-cross-mipsel.sh

@@ -87,7 +87,7 @@ function install_buildenv() {
             libyajl-dev:mipsel \
             systemtap-sdt-dev:mipsel
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/mipsel-linux-gnu-gcc'\n\
 ar = '/usr/bin/mipsel-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/mipsel-linux-gnu-strip'\n\
@@ -97,7 +97,7 @@ pkgconfig = '/usr/bin/mipsel-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'mips'\n\
 cpu = 'mipsel'\n\
-endian = 'little'" > /usr/local/share/meson/cross/mipsel-linux-gnu
+endian = 'little'\n" > /usr/local/share/meson/cross/mipsel-linux-gnu
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc

ci/buildenv/debian-sid-cross-ppc64le.sh

@@ -87,7 +87,7 @@ function install_buildenv() {
             libyajl-dev:ppc64el \
             systemtap-sdt-dev:ppc64el
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/powerpc64le-linux-gnu-gcc'\n\
 ar = '/usr/bin/powerpc64le-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/powerpc64le-linux-gnu-strip'\n\
@@ -97,7 +97,7 @@ pkgconfig = '/usr/bin/powerpc64le-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'ppc64'\n\
 cpu = 'powerpc64le'\n\
-endian = 'little'" > /usr/local/share/meson/cross/powerpc64le-linux-gnu
+endian = 'little'\n" > /usr/local/share/meson/cross/powerpc64le-linux-gnu
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc

ci/buildenv/debian-sid-cross-s390x.sh

@@ -87,7 +87,7 @@ function install_buildenv() {
             libyajl-dev:s390x \
             systemtap-sdt-dev:s390x
     mkdir -p /usr/local/share/meson/cross
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/s390x-linux-gnu-gcc'\n\
 ar = '/usr/bin/s390x-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/s390x-linux-gnu-strip'\n\
@@ -97,7 +97,7 @@ pkgconfig = '/usr/bin/s390x-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 's390x'\n\
 cpu = 's390x'\n\
-endian = 'big'" > /usr/local/share/meson/cross/s390x-linux-gnu
+endian = 'big'\n" > /usr/local/share/meson/cross/s390x-linux-gnu
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc

ci/buildenv/fedora-38.sh

@@ -58,7 +58,6 @@ function install_buildenv() {
         lvm2 \
         make \
         meson \
-        netcf-devel \
         nfs-utils \
         ninja-build \
         numactl-devel \

ci/buildenv/opensuse-leap-15.sh

@@ -59,6 +59,7 @@ function install_buildenv() {
            libyajl-devel \
            lvm2 \
            make \
+           meson \
            nfs-utils \
            ninja \
            numad \
@@ -70,9 +71,6 @@ function install_buildenv() {
            python3-base \
            python3-docutils \
            python3-flake8 \
-           python3-pip \
-           python3-setuptools \
-           python3-wheel \
            qemu-tools \
            readline-devel \
            rpcgen \
@@ -89,7 +87,6 @@ function install_buildenv() {
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
-    /usr/bin/pip3 install meson==0.56.0
 }
 
 export CCACHE_WRAPPERSDIR="/usr/libexec/ccache-wrappers"

ci/cirrus/build.yml

@@ -4,6 +4,7 @@
 env:
   CI_REPOSITORY_URL: "@CI_REPOSITORY_URL@"
   CI_COMMIT_REF_NAME: "@CI_COMMIT_REF_NAME@"
+  CI_MERGE_REQUEST_REF_PATH: "@CI_MERGE_REQUEST_REF_PATH@"
   CI_COMMIT_SHA: "@CI_COMMIT_SHA@"
   PATH: "@PATH@"
   PKG_CONFIG_PATH: "@PKG_CONFIG_PATH@"
@@ -20,7 +21,7 @@ build_task:
     - if test -n "@PYPI_PKGS@" ; then @PIP3@ install @PYPI_PKGS@ ; fi
   clone_script:
     - git clone --depth 100 "$CI_REPOSITORY_URL" .
-    - git fetch origin "$CI_COMMIT_REF_NAME"
+    - git fetch origin "${CI_MERGE_REQUEST_REF_PATH:-$CI_COMMIT_REF_NAME}"
     - git reset --hard "$CI_COMMIT_SHA"
   build_script:
     - meson setup build

ci/cirrus/macos-12.vars

@@ -4,13 +4,13 @@
 #
 # https://gitlab.com/libvirt/libvirt-ci
 
-CCACHE='/usr/local/bin/ccache'
+CCACHE='/opt/homebrew/bin/ccache'
 CPAN_PKGS=''
 CROSS_PKGS=''
-MAKE='/usr/local/bin/gmake'
-NINJA='/usr/local/bin/ninja'
+MAKE='/opt/homebrew/bin/gmake'
+NINJA='/opt/homebrew/bin/ninja'
 PACKAGING_COMMAND='brew'
-PIP3='/usr/local/bin/pip3'
+PIP3='/opt/homebrew/bin/pip3'
 PKGS='augeas bash-completion ccache codespell cppi curl diffutils docutils flake8 gettext git glib gnu-sed gnutls grep libiscsi libpcap libssh libssh2 libxml2 libxslt make meson ninja perl pkg-config python3 qemu readline rpcgen scrub yajl'
 PYPI_PKGS=''
-PYTHON='/usr/local/bin/python3'
+PYTHON='/opt/homebrew/bin/python3'

ci/containers/alpine-317.Dockerfile

@@ -4,7 +4,7 @@
 #
 # https://gitlab.com/libvirt/libvirt-ci
 
-FROM docker.io/library/alpine:3.15
+FROM docker.io/library/alpine:3.17
 
 RUN apk update && \
     apk upgrade && \
@@ -61,6 +61,7 @@ RUN apk update && \
         python3 \
         qemu-img \
         readline-dev \
+        rpcgen \
         samurai \
         sed \
         util-linux-dev \

ci/containers/centos-stream-9.Dockerfile

@@ -69,9 +69,7 @@ RUN dnf distro-sync -y && \
         polkit \
         python3 \
         python3-docutils \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
+        python3-flake8 \
         qemu-img \
         readline-devel \
         rpcgen \
@@ -92,8 +90,6 @@ RUN dnf distro-sync -y && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
 
-RUN /usr/bin/pip3 install flake8
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"
 ENV MAKE "/usr/bin/make"

ci/containers/debian-11-cross-aarch64.Dockerfile

@@ -101,7 +101,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/aarch64-linux-gnu-gcc'\n\
 ar = '/usr/bin/aarch64-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/aarch64-linux-gnu-strip'\n\
@@ -111,7 +111,7 @@ pkgconfig = '/usr/bin/aarch64-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'aarch64'\n\
 cpu = 'aarch64'\n\
-endian = 'little'" > /usr/local/share/meson/cross/aarch64-linux-gnu && \
+endian = 'little'\n" > /usr/local/share/meson/cross/aarch64-linux-gnu && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc && \

ci/containers/debian-11-cross-armv6l.Dockerfile

@@ -100,7 +100,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabi-gcc'\n\
 ar = '/usr/bin/arm-linux-gnueabi-gcc-ar'\n\
 strip = '/usr/bin/arm-linux-gnueabi-strip'\n\
@@ -110,7 +110,7 @@ pkgconfig = '/usr/bin/arm-linux-gnueabi-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'arm'\n\
 cpu = 'arm'\n\
-endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabi && \
+endian = 'little'\n" > /usr/local/share/meson/cross/arm-linux-gnueabi && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc && \

ci/containers/debian-11-cross-armv7l.Dockerfile

@@ -101,7 +101,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabihf-gcc'\n\
 ar = '/usr/bin/arm-linux-gnueabihf-gcc-ar'\n\
 strip = '/usr/bin/arm-linux-gnueabihf-strip'\n\
@@ -111,7 +111,7 @@ pkgconfig = '/usr/bin/arm-linux-gnueabihf-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'arm'\n\
 cpu = 'armhf'\n\
-endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabihf && \
+endian = 'little'\n" > /usr/local/share/meson/cross/arm-linux-gnueabihf && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc && \

ci/containers/debian-11-cross-i686.Dockerfile

@@ -100,7 +100,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/i686-linux-gnu-gcc'\n\
 ar = '/usr/bin/i686-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/i686-linux-gnu-strip'\n\
@@ -110,7 +110,7 @@ pkgconfig = '/usr/bin/i686-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'x86'\n\
 cpu = 'i686'\n\
-endian = 'little'" > /usr/local/share/meson/cross/i686-linux-gnu && \
+endian = 'little'\n" > /usr/local/share/meson/cross/i686-linux-gnu && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc && \

ci/containers/debian-11-cross-mips64el.Dockerfile

@@ -100,7 +100,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/mips64el-linux-gnuabi64-gcc'\n\
 ar = '/usr/bin/mips64el-linux-gnuabi64-gcc-ar'\n\
 strip = '/usr/bin/mips64el-linux-gnuabi64-strip'\n\
@@ -110,7 +110,7 @@ pkgconfig = '/usr/bin/mips64el-linux-gnuabi64-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'mips64'\n\
 cpu = 'mips64el'\n\
-endian = 'little'" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64 && \
+endian = 'little'\n" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64 && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc && \

ci/containers/debian-11-cross-mipsel.Dockerfile

@@ -100,7 +100,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/mipsel-linux-gnu-gcc'\n\
 ar = '/usr/bin/mipsel-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/mipsel-linux-gnu-strip'\n\
@@ -110,7 +110,7 @@ pkgconfig = '/usr/bin/mipsel-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'mips'\n\
 cpu = 'mipsel'\n\
-endian = 'little'" > /usr/local/share/meson/cross/mipsel-linux-gnu && \
+endian = 'little'\n" > /usr/local/share/meson/cross/mipsel-linux-gnu && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc && \

ci/containers/debian-11-cross-ppc64le.Dockerfile

@@ -100,7 +100,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/powerpc64le-linux-gnu-gcc'\n\
 ar = '/usr/bin/powerpc64le-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/powerpc64le-linux-gnu-strip'\n\
@@ -110,7 +110,7 @@ pkgconfig = '/usr/bin/powerpc64le-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'ppc64'\n\
 cpu = 'powerpc64le'\n\
-endian = 'little'" > /usr/local/share/meson/cross/powerpc64le-linux-gnu && \
+endian = 'little'\n" > /usr/local/share/meson/cross/powerpc64le-linux-gnu && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc && \

ci/containers/debian-11-cross-s390x.Dockerfile

@@ -100,7 +100,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/s390x-linux-gnu-gcc'\n\
 ar = '/usr/bin/s390x-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/s390x-linux-gnu-strip'\n\
@@ -110,7 +110,7 @@ pkgconfig = '/usr/bin/s390x-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 's390x'\n\
 cpu = 's390x'\n\
-endian = 'big'" > /usr/local/share/meson/cross/s390x-linux-gnu && \
+endian = 'big'\n" > /usr/local/share/meson/cross/s390x-linux-gnu && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc && \

ci/containers/debian-sid-cross-aarch64.Dockerfile

@@ -101,7 +101,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/aarch64-linux-gnu-gcc'\n\
 ar = '/usr/bin/aarch64-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/aarch64-linux-gnu-strip'\n\
@@ -111,7 +111,7 @@ pkgconfig = '/usr/bin/aarch64-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'aarch64'\n\
 cpu = 'aarch64'\n\
-endian = 'little'" > /usr/local/share/meson/cross/aarch64-linux-gnu && \
+endian = 'little'\n" > /usr/local/share/meson/cross/aarch64-linux-gnu && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc && \

ci/containers/debian-sid-cross-armv6l.Dockerfile

@@ -100,7 +100,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabi-gcc'\n\
 ar = '/usr/bin/arm-linux-gnueabi-gcc-ar'\n\
 strip = '/usr/bin/arm-linux-gnueabi-strip'\n\
@@ -110,7 +110,7 @@ pkgconfig = '/usr/bin/arm-linux-gnueabi-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'arm'\n\
 cpu = 'arm'\n\
-endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabi && \
+endian = 'little'\n" > /usr/local/share/meson/cross/arm-linux-gnueabi && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc && \

ci/containers/debian-sid-cross-armv7l.Dockerfile

@@ -101,7 +101,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabihf-gcc'\n\
 ar = '/usr/bin/arm-linux-gnueabihf-gcc-ar'\n\
 strip = '/usr/bin/arm-linux-gnueabihf-strip'\n\
@@ -111,7 +111,7 @@ pkgconfig = '/usr/bin/arm-linux-gnueabihf-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'arm'\n\
 cpu = 'armhf'\n\
-endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabihf && \
+endian = 'little'\n" > /usr/local/share/meson/cross/arm-linux-gnueabihf && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc && \

ci/containers/debian-sid-cross-i686.Dockerfile

@@ -100,7 +100,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/i686-linux-gnu-gcc'\n\
 ar = '/usr/bin/i686-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/i686-linux-gnu-strip'\n\
@@ -110,7 +110,7 @@ pkgconfig = '/usr/bin/i686-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'x86'\n\
 cpu = 'i686'\n\
-endian = 'little'" > /usr/local/share/meson/cross/i686-linux-gnu && \
+endian = 'little'\n" > /usr/local/share/meson/cross/i686-linux-gnu && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc && \

ci/containers/debian-sid-cross-mips64el.Dockerfile

@@ -100,7 +100,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/mips64el-linux-gnuabi64-gcc'\n\
 ar = '/usr/bin/mips64el-linux-gnuabi64-gcc-ar'\n\
 strip = '/usr/bin/mips64el-linux-gnuabi64-strip'\n\
@@ -110,7 +110,7 @@ pkgconfig = '/usr/bin/mips64el-linux-gnuabi64-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'mips64'\n\
 cpu = 'mips64el'\n\
-endian = 'little'" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64 && \
+endian = 'little'\n" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64 && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc && \

ci/containers/debian-sid-cross-mipsel.Dockerfile

@@ -100,7 +100,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/mipsel-linux-gnu-gcc'\n\
 ar = '/usr/bin/mipsel-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/mipsel-linux-gnu-strip'\n\
@@ -110,7 +110,7 @@ pkgconfig = '/usr/bin/mipsel-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'mips'\n\
 cpu = 'mipsel'\n\
-endian = 'little'" > /usr/local/share/meson/cross/mipsel-linux-gnu && \
+endian = 'little'\n" > /usr/local/share/meson/cross/mipsel-linux-gnu && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc && \

ci/containers/debian-sid-cross-ppc64le.Dockerfile

@@ -100,7 +100,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/powerpc64le-linux-gnu-gcc'\n\
 ar = '/usr/bin/powerpc64le-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/powerpc64le-linux-gnu-strip'\n\
@@ -110,7 +110,7 @@ pkgconfig = '/usr/bin/powerpc64le-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'ppc64'\n\
 cpu = 'powerpc64le'\n\
-endian = 'little'" > /usr/local/share/meson/cross/powerpc64le-linux-gnu && \
+endian = 'little'\n" > /usr/local/share/meson/cross/powerpc64le-linux-gnu && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc && \

ci/containers/debian-sid-cross-s390x.Dockerfile

@@ -100,7 +100,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
-    echo "[binaries]\n\
+    printf "[binaries]\n\
 c = '/usr/bin/s390x-linux-gnu-gcc'\n\
 ar = '/usr/bin/s390x-linux-gnu-gcc-ar'\n\
 strip = '/usr/bin/s390x-linux-gnu-strip'\n\
@@ -110,7 +110,7 @@ pkgconfig = '/usr/bin/s390x-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 's390x'\n\
 cpu = 's390x'\n\
-endian = 'big'" > /usr/local/share/meson/cross/s390x-linux-gnu && \
+endian = 'big'\n" > /usr/local/share/meson/cross/s390x-linux-gnu && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc && \

ci/containers/fedora-37.Dockerfile

@@ -4,17 +4,17 @@
 #
 # https://gitlab.com/libvirt/libvirt-ci
 
-FROM registry.fedoraproject.org/fedora:36
+FROM registry.fedoraproject.org/fedora:37
 
 RUN dnf install -y nosync && \
-    echo -e '#!/bin/sh\n\
+    printf '#!/bin/sh\n\
 if test -d /usr/lib64\n\
 then\n\
     export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
 else\n\
     export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
 fi\n\
-exec "$@"' > /usr/bin/nosync && \
+exec "$@"\n' > /usr/bin/nosync && \
     chmod +x /usr/bin/nosync && \
     nosync dnf update -y && \
     nosync dnf install -y \

ci/containers/fedora-38-cross-mingw32.Dockerfile

@@ -4,17 +4,17 @@
 #
 # https://gitlab.com/libvirt/libvirt-ci
 
-FROM registry.fedoraproject.org/fedora:36
+FROM registry.fedoraproject.org/fedora:38
 
 RUN dnf install -y nosync && \
-    echo -e '#!/bin/sh\n\
+    printf '#!/bin/sh\n\
 if test -d /usr/lib64\n\
 then\n\
     export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
 else\n\
     export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
 fi\n\
-exec "$@"' > /usr/bin/nosync && \
+exec "$@"\n' > /usr/bin/nosync && \
     chmod +x /usr/bin/nosync && \
     nosync dnf update -y && \
     nosync dnf install -y \

ci/containers/fedora-38-cross-mingw64.Dockerfile

@@ -4,17 +4,17 @@
 #
 # https://gitlab.com/libvirt/libvirt-ci
 
-FROM registry.fedoraproject.org/fedora:36
+FROM registry.fedoraproject.org/fedora:38
 
 RUN dnf install -y nosync && \
-    echo -e '#!/bin/sh\n\
+    printf '#!/bin/sh\n\
 if test -d /usr/lib64\n\
 then\n\
     export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
 else\n\
     export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
 fi\n\
-exec "$@"' > /usr/bin/nosync && \
+exec "$@"\n' > /usr/bin/nosync && \
     chmod +x /usr/bin/nosync && \
     nosync dnf update -y && \
     nosync dnf install -y \

ci/containers/fedora-38.Dockerfile

@@ -4,17 +4,17 @@
 #
 # https://gitlab.com/libvirt/libvirt-ci
 
-FROM registry.fedoraproject.org/fedora:35
+FROM registry.fedoraproject.org/fedora:38
 
 RUN dnf install -y nosync && \
-    echo -e '#!/bin/sh\n\
+    printf '#!/bin/sh\n\
 if test -d /usr/lib64\n\
 then\n\
     export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
 else\n\
     export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
 fi\n\
-exec "$@"' > /usr/bin/nosync && \
+exec "$@"\n' > /usr/bin/nosync && \
     chmod +x /usr/bin/nosync && \
     nosync dnf update -y && \
     nosync dnf install -y \
@@ -69,7 +69,6 @@ exec "$@"' > /usr/bin/nosync && \
                lvm2 \
                make \
                meson \
-               netcf-devel \
                nfs-utils \
                ninja-build \
                numactl-devel \

ci/containers/fedora-rawhide-cross-mingw32.Dockerfile

@@ -8,14 +8,14 @@ FROM registry.fedoraproject.org/fedora:rawhide
 
 RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
     dnf install -y nosync && \
-    echo -e '#!/bin/sh\n\
+    printf '#!/bin/sh\n\
 if test -d /usr/lib64\n\
 then\n\
     export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
 else\n\
     export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
 fi\n\
-exec "$@"' > /usr/bin/nosync && \
+exec "$@"\n' > /usr/bin/nosync && \
     chmod +x /usr/bin/nosync && \
     nosync dnf distro-sync -y && \
     nosync dnf install -y \

ci/containers/fedora-rawhide-cross-mingw64.Dockerfile

@@ -8,14 +8,14 @@ FROM registry.fedoraproject.org/fedora:rawhide
 
 RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
     dnf install -y nosync && \
-    echo -e '#!/bin/sh\n\
+    printf '#!/bin/sh\n\
 if test -d /usr/lib64\n\
 then\n\
     export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
 else\n\
     export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
 fi\n\
-exec "$@"' > /usr/bin/nosync && \
+exec "$@"\n' > /usr/bin/nosync && \
     chmod +x /usr/bin/nosync && \
     nosync dnf distro-sync -y && \
     nosync dnf install -y \

ci/containers/fedora-rawhide.Dockerfile

@@ -8,14 +8,14 @@ FROM registry.fedoraproject.org/fedora:rawhide
 
 RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
     dnf install -y nosync && \
-    echo -e '#!/bin/sh\n\
+    printf '#!/bin/sh\n\
 if test -d /usr/lib64\n\
 then\n\
     export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
 else\n\
     export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
 fi\n\
-exec "$@"' > /usr/bin/nosync && \
+exec "$@"\n' > /usr/bin/nosync && \
     chmod +x /usr/bin/nosync && \
     nosync dnf distro-sync -y && \
     nosync dnf install -y \

ci/containers/opensuse-leap-15.Dockerfile

@@ -4,7 +4,7 @@
 #
 # https://gitlab.com/libvirt/libvirt-ci
 
-FROM registry.opensuse.org/opensuse/leap:15.3
+FROM registry.opensuse.org/opensuse/leap:15.4
 
 RUN zypper update -y && \
     zypper install -y \
@@ -60,6 +60,7 @@ RUN zypper update -y && \
            libyajl-devel \
            lvm2 \
            make \
+           meson \
            nfs-utils \
            ninja \
            numad \
@@ -71,9 +72,6 @@ RUN zypper update -y && \
            python3-base \
            python3-docutils \
            python3-flake8 \
-           python3-pip \
-           python3-setuptools \
-           python3-wheel \
            qemu-tools \
            readline-devel \
            rpcgen \
@@ -92,8 +90,6 @@ RUN zypper update -y && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
 
-RUN /usr/bin/pip3 install meson==0.56.0
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"
 ENV MAKE "/usr/bin/make"

ci/gitlab.yml

@@ -14,6 +14,12 @@
 #    created/updated. Setting this variable to a non-empty
 #    value allows CI testing prior to opening a merge request.
 #
+#  - RUN_PIPELINE_UPSTREAM_ENV - same semantics as RUN_PIPELINE,
+#    but uses the CI environment (containers) from the upstream project
+#    rather than creating and updating a throwaway environment
+#    Should not be used if the pushed branch includes CI container
+#    changes.
+#
 #  - RUN_CONTAINER_BUILDS - CI pipelines in upstream only
 #    publish containers if CI file changes are detected.
 #    Setting this variable to a non-empty value will force
@@ -44,6 +50,7 @@
 
 variables:
   RUN_UPSTREAM_NAMESPACE: libvirt
+  FF_SCRIPT_SECTIONS: 1
 
 
 workflow:
@@ -67,6 +74,7 @@ workflow:
 debug:
   image: docker.io/library/alpine:3
   stage: sanity_checks
+  interruptible: true
   needs: []
   script:
     - printenv | sort

ci/gitlab/build-templates.yml

@@ -9,14 +9,14 @@
 # We use pre-built containers for any pipelines that are:
 #
 #  - Validating code committed on default upstream branch
-#  - Validating patches targetting default upstream branch
+#  - Validating patches targeting default upstream branch
 #    which do not have CI changes
 #
 # We use a local build env for any pipelines that are:
 #
 #  - Validating code committed to a non-default upstream branch
-#  - Validating patches targetting a non-default upstream branch
-#  - Validating patches targetting default upstream branch which
+#  - Validating patches targeting a non-default upstream branch
+#  - Validating patches targeting default upstream branch which
 #    include CI changes
 #  - Validating code committed to a fork branch
 #
@@ -26,6 +26,7 @@
 .gitlab_native_build_job_prebuilt_env:
   image: $CI_REGISTRY/$RUN_UPSTREAM_NAMESPACE/libvirt/ci-$NAME:latest
   stage: builds
+  interruptible: true
   before_script:
     - cat /packages.txt
   rules:
@@ -36,14 +37,21 @@
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
       when: on_success
 
-    # upstream: other web/api/scheduled pipelines targetting the default branch
+    # forks: pushes to a branch when a pipeline run in upstream env is explicitly requested
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV && $JOB_OPTIONAL'
+      when: manual
+      allow_failure: true
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV'
+      when: on_success
+
+    # upstream: other web/api/scheduled pipelines targeting the default branch
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
       when: on_success
 
-    # upstream+forks: merge requests targetting the default branch, without CI changes
+    # upstream+forks: merge requests targeting the default branch, without CI changes
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH'
       changes:
         - ci/gitlab/container-templates.yml
@@ -61,6 +69,7 @@
 .gitlab_native_build_job_local_env:
   image: $IMAGE
   stage: builds
+  interruptible: true
   before_script:
     - source ci/buildenv/$NAME.sh
     - install_buildenv
@@ -73,13 +82,18 @@
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH'
       when: on_success
 
+    # forks: avoid build in local env when job requests run in upstream containers
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV'
+      when: never
+
+    # forks: pushes to branches with pipeline requested
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE'
       when: on_success
 
-    # upstream: other web/api/scheduled pipelines targetting non-default branches
+    # upstream: other web/api/scheduled pipelines targeting non-default branches
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
@@ -93,7 +107,7 @@
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/'
       when: on_success
 
-    # upstream+forks: merge requests targetting the default branch, with CI changes
+    # upstream+forks: merge requests targeting the default branch, with CI changes
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       changes:
         - ci/gitlab/container-templates.yml
@@ -106,7 +120,7 @@
         - ci/containers/$NAME.Dockerfile
       when: on_success
 
-    # upstream+forks: merge requests targetting non-default branches
+    # upstream+forks: merge requests targeting non-default branches
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
@@ -121,14 +135,14 @@
 # We use pre-built containers for any pipelines that are:
 #
 #  - Validating code committed on default upstream branch
-#  - Validating patches targetting default upstream branch
+#  - Validating patches targeting default upstream branch
 #    which do not have CI changes
 #
 # We use a local build env for any pipelines that are:
 #
 #  - Validating code committed to a non-default upstream branch
-#  - Validating patches targetting a non-default upstream branch
-#  - Validating patches targetting default upstream branch which
+#  - Validating patches targeting a non-default upstream branch
+#  - Validating patches targeting default upstream branch which
 #    include CI changes
 #  - Validating code committed to a fork branch
 #
@@ -138,6 +152,7 @@
 .gitlab_cross_build_job_prebuilt_env:
   image: $CI_REGISTRY/$RUN_UPSTREAM_NAMESPACE/libvirt/ci-$NAME-cross-$CROSS:latest
   stage: builds
+  interruptible: true
   before_script:
     - cat /packages.txt
   rules:
@@ -148,18 +163,25 @@
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
       when: on_success
 
-    # upstream: other web/api/scheduled pipelines targetting the default branch
+    # forks: pushes to a branch when a pipeline run in upstream env is explicitly requested
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV && $JOB_OPTIONAL'
+      when: manual
+      allow_failure: true
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV'
+      when: on_success
+
+    # upstream: other web/api/scheduled pipelines targeting the default branch
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
       when: on_success
 
-    # upstream+forks: merge requests targetting the default branch, without CI changes
+    # upstream+forks: merge requests targeting the default branch, without CI changes
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH'
       changes:
         - ci/gitlab/container-templates.yml
-        - ci/containers/$NAME.Dockerfile
+        - ci/containers/$NAME-cross-$CROSS.Dockerfile
       when: never
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       when: manual
@@ -173,8 +195,9 @@
 .gitlab_cross_build_job_local_env:
   image: $IMAGE
   stage: builds
+  interruptible: true
   before_script:
-    - source ci/buildenv/$NAME.sh
+    - source ci/buildenv/$NAME-cross-$CROSS.sh
     - install_buildenv
     - cat /packages.txt
   rules:
@@ -185,13 +208,18 @@
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH'
       when: on_success
 
+    # forks: avoid build in local env when job requests run in upstream containers
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV'
+      when: never
+
+    # forks: pushes to branches with pipeline requested
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE'
       when: on_success
 
-    # upstream: other web/api/scheduled pipelines targetting non-default branches
+    # upstream: other web/api/scheduled pipelines targeting non-default branches
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
@@ -205,20 +233,20 @@
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/'
       when: on_success
 
-    # upstream+forks: merge requests targetting the default branch, with CI changes
+    # upstream+forks: merge requests targeting the default branch, with CI changes
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       changes:
         - ci/gitlab/container-templates.yml
-        - ci/containers/$NAME.Dockerfile
+        - ci/containers/$NAME-cross-$CROSS.Dockerfile
       when: manual
       allow_failure: true
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH'
       changes:
         - ci/gitlab/container-templates.yml
-        - ci/containers/$NAME.Dockerfile
+        - ci/containers/$NAME-cross-$CROSS.Dockerfile
       when: on_success
 
-    # upstream+forks: merge requests targetting non-default branches
+    # upstream+forks: merge requests targeting non-default branches
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
@@ -231,12 +259,14 @@
 
 .cirrus_build_job:
   stage: builds
-  image: registry.gitlab.com/libvirt/libvirt-ci/cirrus-run:master
+  image: registry.gitlab.com/libvirt/libvirt-ci/cirrus-run:latest
+  interruptible: true
   needs: []
   script:
     - source ci/cirrus/$NAME.vars
     - sed -e "s|[@]CI_REPOSITORY_URL@|$CI_REPOSITORY_URL|g"
           -e "s|[@]CI_COMMIT_REF_NAME@|$CI_COMMIT_REF_NAME|g"
+          -e "s|[@]CI_MERGE_REQUEST_REF_PATH@|$CI_MERGE_REQUEST_REF_PATH|g"
           -e "s|[@]CI_COMMIT_SHA@|$CI_COMMIT_SHA|g"
           -e "s|[@]CIRRUS_VM_INSTANCE_TYPE@|$CIRRUS_VM_INSTANCE_TYPE|g"
           -e "s|[@]CIRRUS_VM_IMAGE_SELECTOR@|$CIRRUS_VM_IMAGE_SELECTOR|g"
@@ -267,12 +297,17 @@
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push"'
       when: on_success
 
-    # forks: pushes to branches with pipeline requested
+    # forks: pushes to branches with pipeline requested (including pipeline in upstream environment)
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE'
       when: on_success
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV && $JOB_OPTIONAL'
+      when: manual
+      allow_failure: true
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV'
+      when: on_success
 
     # upstream+forks: Run pipelines on MR, web, api & scheduled
     - if: '$CI_PIPELINE_SOURCE =~ /(web|api|schedule|merge_request_event)/ && $JOB_OPTIONAL'

ci/gitlab/builds.yml

@@ -51,22 +51,22 @@ x86_64-almalinux-8-clang-local-env:
     RPM: skip
 
 
-x86_64-alpine-315-prebuilt-env:
+x86_64-alpine-317-prebuilt-env:
   extends: .native_build_job_prebuilt_env
   needs:
-    - job: x86_64-alpine-315-container
+    - job: x86_64-alpine-317-container
       optional: true
   allow_failure: false
   variables:
-    NAME: alpine-315
+    NAME: alpine-317
 
-x86_64-alpine-315-local-env:
+x86_64-alpine-317-local-env:
   extends: .native_build_job_local_env
   needs: []
   allow_failure: false
   variables:
-    IMAGE: docker.io/library/alpine:3.15
-    NAME: alpine-315
+    IMAGE: docker.io/library/alpine:3.17
+    NAME: alpine-317
 
 
 x86_64-alpine-edge-prebuilt-env:
@@ -193,52 +193,52 @@ x86_64-debian-sid-local-env:
     NAME: debian-sid
 
 
-x86_64-fedora-35-prebuilt-env:
+x86_64-fedora-37-prebuilt-env:
   extends: .native_build_job_prebuilt_env
   needs:
-    - job: x86_64-fedora-35-container
+    - job: x86_64-fedora-37-container
       optional: true
   allow_failure: false
   variables:
-    NAME: fedora-35
+    NAME: fedora-37
   artifacts:
     expire_in: 1 day
     paths:
       - libvirt-rpms
 
-x86_64-fedora-35-local-env:
+x86_64-fedora-37-local-env:
   extends: .native_build_job_local_env
   needs: []
   allow_failure: false
   variables:
-    IMAGE: registry.fedoraproject.org/fedora:35
-    NAME: fedora-35
+    IMAGE: registry.fedoraproject.org/fedora:37
+    NAME: fedora-37
   artifacts:
     expire_in: 1 day
     paths:
       - libvirt-rpms
 
 
-x86_64-fedora-36-prebuilt-env:
+x86_64-fedora-38-prebuilt-env:
   extends: .native_build_job_prebuilt_env
   needs:
-    - job: x86_64-fedora-36-container
+    - job: x86_64-fedora-38-container
       optional: true
   allow_failure: false
   variables:
-    NAME: fedora-36
+    NAME: fedora-38
   artifacts:
     expire_in: 1 day
     paths:
       - libvirt-rpms
 
-x86_64-fedora-36-local-env:
+x86_64-fedora-38-local-env:
   extends: .native_build_job_local_env
   needs: []
   allow_failure: false
   variables:
-    IMAGE: registry.fedoraproject.org/fedora:36
-    NAME: fedora-36
+    IMAGE: registry.fedoraproject.org/fedora:38
+    NAME: fedora-38
   artifacts:
     expire_in: 1 day
     paths:
@@ -285,23 +285,23 @@ x86_64-fedora-rawhide-clang-local-env:
     RPM: skip
 
 
-x86_64-opensuse-leap-153-prebuilt-env:
+x86_64-opensuse-leap-15-prebuilt-env:
   extends: .native_build_job_prebuilt_env
   needs:
-    - job: x86_64-opensuse-leap-153-container
+    - job: x86_64-opensuse-leap-15-container
       optional: true
   allow_failure: false
   variables:
-    NAME: opensuse-leap-153
+    NAME: opensuse-leap-15
     RPM: skip
 
-x86_64-opensuse-leap-153-local-env:
+x86_64-opensuse-leap-15-local-env:
   extends: .native_build_job_local_env
   needs: []
   allow_failure: false
   variables:
-    IMAGE: registry.opensuse.org/opensuse/leap:15.3
-    NAME: opensuse-leap-153
+    IMAGE: registry.opensuse.org/opensuse/leap:15.4
+    NAME: opensuse-leap-15
     RPM: skip
 
 
@@ -746,46 +746,46 @@ s390x-debian-sid-local-env:
     NAME: debian-sid
 
 
-mingw32-fedora-36-prebuilt-env:
+mingw32-fedora-38-prebuilt-env:
   extends: .cross_build_job_prebuilt_env
   needs:
-    - job: mingw32-fedora-36-container
+    - job: mingw32-fedora-38-container
       optional: true
   allow_failure: false
   variables:
     CROSS: mingw32
     JOB_OPTIONAL: 1
-    NAME: fedora-36
+    NAME: fedora-38
 
-mingw32-fedora-36-local-env:
+mingw32-fedora-38-local-env:
   extends: .cross_build_job_local_env
   needs: []
   allow_failure: false
   variables:
     CROSS: mingw32
-    IMAGE: registry.fedoraproject.org/fedora:36
+    IMAGE: registry.fedoraproject.org/fedora:38
     JOB_OPTIONAL: 1
-    NAME: fedora-36
+    NAME: fedora-38
 
 
-mingw64-fedora-36-prebuilt-env:
+mingw64-fedora-38-prebuilt-env:
   extends: .cross_build_job_prebuilt_env
   needs:
-    - job: mingw64-fedora-36-container
+    - job: mingw64-fedora-38-container
       optional: true
   allow_failure: false
   variables:
     CROSS: mingw64
-    NAME: fedora-36
+    NAME: fedora-38
 
-mingw64-fedora-36-local-env:
+mingw64-fedora-38-local-env:
   extends: .cross_build_job_local_env
   needs: []
   allow_failure: false
   variables:
     CROSS: mingw64
-    IMAGE: registry.fedoraproject.org/fedora:36
-    NAME: fedora-36
+    IMAGE: registry.fedoraproject.org/fedora:38
+    NAME: fedora-38
 
 
 mingw32-fedora-rawhide-prebuilt-env:
@@ -837,7 +837,7 @@ x86_64-freebsd-12:
   needs: []
   allow_failure: false
   variables:
-    CIRRUS_VM_IMAGE_NAME: freebsd-12-3
+    CIRRUS_VM_IMAGE_NAME: freebsd-12-4
     CIRRUS_VM_IMAGE_SELECTOR: image_family
     CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
     INSTALL_COMMAND: pkg install -y
@@ -860,14 +860,14 @@ x86_64-freebsd-13:
     UPGRADE_COMMAND: pkg upgrade -y
 
 
-x86_64-macos-12:
+aarch64-macos-12:
   extends: .cirrus_build_job
   needs: []
   allow_failure: false
   variables:
-    CIRRUS_VM_IMAGE_NAME: monterey-base
+    CIRRUS_VM_IMAGE_NAME: ghcr.io/cirruslabs/macos-monterey-base:latest
     CIRRUS_VM_IMAGE_SELECTOR: image
-    CIRRUS_VM_INSTANCE_TYPE: osx_instance
+    CIRRUS_VM_INSTANCE_TYPE: macos_instance
     INSTALL_COMMAND: brew install
     NAME: macos-12
     PATH_EXTRA: /usr/local/opt/ccache/libexec:/usr/local/opt/gettext/bin:/usr/local/opt/libpcap/bin:/usr/local/opt/libxslt/bin:/usr/local/opt/rpcgen/bin

ci/gitlab/container-templates.yml

@@ -14,8 +14,9 @@
 # Note: never publish from merge requests since they have non-committed code
 #
 .container_job:
-  image: docker:stable
+  image: docker:latest
   stage: containers
+  interruptible: false
   needs: []
   services:
     - docker:dind

ci/gitlab/containers.yml

@@ -14,11 +14,11 @@ x86_64-almalinux-8-container:
     NAME: almalinux-8
 
 
-x86_64-alpine-315-container:
+x86_64-alpine-317-container:
   extends: .container_job
   allow_failure: false
   variables:
-    NAME: alpine-315
+    NAME: alpine-317
 
 
 x86_64-alpine-edge-container:
@@ -56,18 +56,18 @@ x86_64-debian-sid-container:
     NAME: debian-sid
 
 
-x86_64-fedora-35-container:
+x86_64-fedora-37-container:
   extends: .container_job
   allow_failure: false
   variables:
-    NAME: fedora-35
+    NAME: fedora-37
 
 
-x86_64-fedora-36-container:
+x86_64-fedora-38-container:
   extends: .container_job
   allow_failure: false
   variables:
-    NAME: fedora-36
+    NAME: fedora-38
 
 
 x86_64-fedora-rawhide-container:
@@ -77,11 +77,11 @@ x86_64-fedora-rawhide-container:
     NAME: fedora-rawhide
 
 
-x86_64-opensuse-leap-153-container:
+x86_64-opensuse-leap-15-container:
   extends: .container_job
   allow_failure: false
   variables:
-    NAME: opensuse-leap-153
+    NAME: opensuse-leap-15
 
 
 x86_64-opensuse-tumbleweed-container:
@@ -235,19 +235,19 @@ s390x-debian-sid-container:
     NAME: debian-sid-cross-s390x
 
 
-mingw32-fedora-36-container:
+mingw32-fedora-38-container:
   extends: .container_job
   allow_failure: false
   variables:
     JOB_OPTIONAL: 1
-    NAME: fedora-36-cross-mingw32
+    NAME: fedora-38-cross-mingw32
 
 
-mingw64-fedora-36-container:
+mingw64-fedora-38-container:
   extends: .container_job
   allow_failure: false
   variables:
-    NAME: fedora-36-cross-mingw64
+    NAME: fedora-38-cross-mingw64
 
 
 mingw32-fedora-rawhide-container:

ci/gitlab/sanity-checks.yml

@@ -8,7 +8,8 @@
 check-dco:
   stage: sanity_checks
   needs: []
-  image: registry.gitlab.com/libvirt/libvirt-ci/check-dco:master
+  image: registry.gitlab.com/libvirt/libvirt-ci/check-dco:latest
+  interruptible: true
   script:
     - /check-dco "$RUN_UPSTREAM_NAMESPACE"
   rules:
@@ -16,9 +17,11 @@ check-dco:
     - if: '$CI_PIPELINE_SOURCE =~ "merge_request_event"'
       when: on_success
 
-    # forks: pushes to branches with pipeline requested
+    # forks: pushes to branches with pipeline requested (including upstream env pipelines)
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH && $RUN_PIPELINE'
       when: on_success
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH && $RUN_PIPELINE_UPSTREAM_ENV'
+      when: on_success
 
     # upstream+forks: that's all folks
     - when: never

ci/integration-template.yml

@@ -26,6 +26,8 @@
 
 .install-deps: &install-deps
   - sudo dnf install -y libvirt-rpms/* libvirt-perl-rpms/* libvirt-python-rpms/*
+
+  # Avocado >98.0 fails with the nwfilter TCK tests, so stick with 98.0 for now
   - sudo pip3 install --prefix=/usr avocado-framework
 
 
@@ -92,6 +94,7 @@
     SCRATCH_DIR: "/tmp/scratch"
   artifacts:
     name: logs
+    expire_in: 1 day
     paths:
       - logs
     when: on_failure

ci/integration.yml

@@ -81,121 +81,121 @@ centos-stream-9-tests-local-env:
       artifacts: true
 
 
-.fedora-35-tests:
+.fedora-37-tests:
   variables:
     # needed by libvirt-gitlab-executor
-    DISTRO: fedora-35
+    DISTRO: fedora-37
     # can be overridden in forks to set a different runner tag
     LIBVIRT_CI_INTEGRATION_RUNNER_TAG: redhat-vm-host
   tags:
     - $LIBVIRT_CI_INTEGRATION_RUNNER_TAG
 
-fedora-35-tests-prebuilt-env:
+fedora-37-tests-prebuilt-env:
   extends:
     - .integration_tests_prebuilt_env
-    - .fedora-35-tests
+    - .fedora-37-tests
   needs:
-    - x86_64-fedora-35-prebuilt-env
+    - x86_64-fedora-37-prebuilt-env
     - project: libvirt/libvirt-perl
-      job: x86_64-fedora-35-prebuilt-env
+      job: x86_64-fedora-37-prebuilt-env
       ref: master
       artifacts: true
     - project: libvirt/libvirt-python
-      job: x86_64-fedora-35-prebuilt-env
+      job: x86_64-fedora-37-prebuilt-env
       ref: master
       artifacts: true
 
-fedora-35-tests-local-env:
+fedora-37-tests-local-env:
   extends:
     - .integration_tests_local_env
-    - .fedora-35-tests
+    - .fedora-37-tests
   needs:
-    - x86_64-fedora-35-local-env
+    - x86_64-fedora-37-local-env
     - project: libvirt/libvirt-perl
-      job: x86_64-fedora-35-prebuilt-env
+      job: x86_64-fedora-37-prebuilt-env
       ref: master
       artifacts: true
     - project: libvirt/libvirt-python
-      job: x86_64-fedora-35-prebuilt-env
+      job: x86_64-fedora-37-prebuilt-env
       ref: master
       artifacts: true
 
 
-.fedora-36-tests:
+.fedora-38-tests:
   variables:
     # needed by libvirt-gitlab-executor
-    DISTRO: fedora-36
+    DISTRO: fedora-38
     # can be overridden in forks to set a different runner tag
     LIBVIRT_CI_INTEGRATION_RUNNER_TAG: redhat-vm-host
   tags:
     - $LIBVIRT_CI_INTEGRATION_RUNNER_TAG
 
-fedora-36-tests-prebuilt-env:
+fedora-38-tests-prebuilt-env:
   extends:
     - .integration_tests_prebuilt_env
-    - .fedora-36-tests
+    - .fedora-38-tests
   needs:
-    - x86_64-fedora-36-prebuilt-env
+    - x86_64-fedora-38-prebuilt-env
     - project: libvirt/libvirt-perl
-      job: x86_64-fedora-36-prebuilt-env
+      job: x86_64-fedora-38-prebuilt-env
       ref: master
       artifacts: true
     - project: libvirt/libvirt-python
-      job: x86_64-fedora-36-prebuilt-env
+      job: x86_64-fedora-38-prebuilt-env
       ref: master
       artifacts: true
 
-fedora-36-tests-local-env:
+fedora-38-tests-local-env:
   extends:
     - .integration_tests_local_env
-    - .fedora-36-tests
+    - .fedora-38-tests
   needs:
-    - x86_64-fedora-36-local-env
+    - x86_64-fedora-38-local-env
     - project: libvirt/libvirt-perl
-      job: x86_64-fedora-36-prebuilt-env
+      job: x86_64-fedora-38-prebuilt-env
       ref: master
       artifacts: true
     - project: libvirt/libvirt-python
-      job: x86_64-fedora-36-prebuilt-env
+      job: x86_64-fedora-38-prebuilt-env
       ref: master
       artifacts: true
 
 
-.fedora-36-upstream-qemu-tests:
+.fedora-38-upstream-qemu-tests:
   variables:
     # needed by libvirt-gitlab-executor
-    DISTRO: fedora-36
+    DISTRO: fedora-38
     # can be overridden in forks to set a different runner tag
     LIBVIRT_CI_INTEGRATION_RUNNER_TAG: redhat-vm-host
   tags:
     - $LIBVIRT_CI_INTEGRATION_RUNNER_TAG
 
-fedora-36-upstream-qemu-tests-prebuilt-env:
+fedora-38-upstream-qemu-tests-prebuilt-env:
   extends:
     - .integration_tests_prebuilt_env
-    - .fedora-36-upstream-qemu-tests
+    - .fedora-38-upstream-qemu-tests
   needs:
-    - x86_64-fedora-36-prebuilt-env
+    - x86_64-fedora-38-prebuilt-env
     - project: libvirt/libvirt-perl
-      job: x86_64-fedora-36-prebuilt-env
+      job: x86_64-fedora-38-prebuilt-env
       ref: master
       artifacts: true
     - project: libvirt/libvirt-python
-      job: x86_64-fedora-36-prebuilt-env
+      job: x86_64-fedora-38-prebuilt-env
       ref: master
       artifacts: true
 
-fedora-36-upstream-qemu-tests-local-env:
+fedora-38-upstream-qemu-tests-local-env:
   extends:
     - .integration_tests_local_env
-    - .fedora-36-upstream-qemu-tests
+    - .fedora-38-upstream-qemu-tests
   needs:
-    - x86_64-fedora-36-local-env
+    - x86_64-fedora-38-local-env
     - project: libvirt/libvirt-perl
-      job: x86_64-fedora-36-prebuilt-env
+      job: x86_64-fedora-38-prebuilt-env
       ref: master
       artifacts: true
     - project: libvirt/libvirt-python
-      job: x86_64-fedora-36-prebuilt-env
+      job: x86_64-fedora-38-prebuilt-env
       ref: master
       artifacts: true

ci/manifest.yml

@@ -19,7 +19,7 @@ targets:
           RPM: skip
           CC: clang
 
-  alpine-315: x86_64
+  alpine-317: x86_64
 
   alpine-edge:
     jobs:
@@ -116,7 +116,7 @@ targets:
         containers: false
         builds: false
 
-  fedora-35:
+  fedora-37:
     jobs:
       - arch: x86_64
         artifacts:
@@ -124,7 +124,7 @@ targets:
           paths:
             - libvirt-rpms
 
-  fedora-36:
+  fedora-38:
     jobs:
       - arch: x86_64
         artifacts:
@@ -160,7 +160,7 @@ targets:
 
   freebsd-13: x86_64
 
-  opensuse-leap-153:
+  opensuse-leap-15:
     jobs:
       - arch: x86_64
         variables:
@@ -175,7 +175,7 @@ targets:
 
   macos-12:
     jobs:
-      - arch: x86_64
+      - arch: aarch64
         variables:
           PATH_EXTRA: /usr/local/opt/ccache/libexec:/usr/local/opt/gettext/bin:/usr/local/opt/libpcap/bin:/usr/local/opt/libxslt/bin:/usr/local/opt/rpcgen/bin
           PKG_CONFIG_PATH: /usr/local/opt/curl/lib/pkgconfig:/usr/local/opt/libpcap/lib/pkgconfig:/usr/local/opt/libxml2/lib/pkgconfig:/usr/local/opt/ncurses/lib/pkgconfig:/usr/local/opt/readline/lib/pkgconfig

ci/util.py

@@ -1,8 +1,7 @@
 import json
 import pathlib
-import urllib.request
 import urllib.parse
-
+import urllib.request
 from typing import Dict, List
 
 

docs/404.html.in

@@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>404 page not found</h1>
-
-    <p>
-      Someone appears to have eaten the <del>penguin</del>
-      page you were looking for. You might want to try
-    </p>
-    <ul>
-      <li>going back to the <a href="https://libvirt.org/">home page</a> to find
-        a collection of links to interesting pages on this site</li>
-      <li>using the search box at the top right corner of the screen to
-        locate the content on this site or mailing list archives</li>
-    </ul>
-
-  </body>
-</html>

docs/404.rst

@@ -0,0 +1,16 @@
+==================
+404 page not found
+==================
+
+.. role:: del
+   :class: del
+
+.. contents::
+
+Someone appears to have eaten the :del:`penguin` page you were looking
+for. You might want to try
+
+* going back to the `home page <https://libvirt.org/>`_ to find a collection
+  of links to interesting pages on this site
+* using the search box at the top right corner of the screen to
+  locate the content on this site or mailing list archives

docs/acl.html.in

@@ -1,100 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Client access control</h1>
-    <p>
-      Libvirt's client access control framework allows administrators
-      to setup fine grained permission rules across client users,
-      managed objects and API operations. This allows client connections
-      to be locked down to a minimal set of privileges.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="intro">Access control introduction</a></h2>
-
-    <p>
-      In a default configuration, the libvirtd daemon has three levels
-      of access control. All connections start off in an unauthenticated
-      state, where the only API operations allowed are those required
-      to complete authentication. After successful authentication, a
-      connection either has full, unrestricted access to all libvirt
-      API calls, or is locked down to only "read only" operations,
-      according to what socket a client connection originated on.
-    </p>
-
-    <p>
-      The access control framework allows authenticated connections to
-      have fine grained permission rules to be defined by the administrator.
-      Every API call in libvirt has a set of permissions that will
-      be validated against the object being used. For example, the
-      <code>virDomainSetSchedulerParametersFlags</code> method will
-      check whether the client user has the <code>write</code>
-      permission on the <code>domain</code> object instance passed
-      in as a parameter. Further permissions will also be checked
-      if certain flags are set in the API call. In addition to
-      checks on the object passed in to an API call, some methods
-      will filter their results. For example the <code>virConnectListAllDomains</code>
-      method will check the <code>search_domains</code> on the <code>connect</code>
-      object, but will also filter the returned <code>domain</code>
-      objects to only those on which the client user has the
-      <code>getattr</code> permission.
-    </p>
-
-    <h2><a id="drivers">Access control drivers</a></h2>
-
-    <p>
-      The access control framework is designed as a pluggable
-      system to enable future integration with arbitrary access
-      control technologies. By default, the <code>none</code>
-      driver is used, which does no access control checks at
-      all. At this time, libvirt ships with support for using
-      <a href="https://www.freedesktop.org/wiki/Software/polkit/">polkit</a> as a real access
-      control driver. To learn how to use the polkit access
-      driver consult <a href="aclpolkit.html">the configuration
-      docs</a>.
-    </p>
-
-    <p>
-      The access driver is configured in the <code>libvirtd.conf</code>
-      configuration file, using the <code>access_drivers</code>
-      parameter. This parameter accepts an array of access control
-      driver names. If more than one access driver is requested,
-      then all must succeed in order for access to be granted.
-      To enable 'polkit' as the driver:
-    </p>
-
-    <pre>
-# augtool -s set '/files/etc/libvirt/libvirtd.conf/access_drivers[1]' polkit
-    </pre>
-
-    <p>
-      And to reset back to the default (no-op) driver
-    </p>
-
-
-    <pre>
-# augtool -s rm /files/etc/libvirt/libvirtd.conf/access_drivers
-    </pre>
-
-    <p>
-      <strong>Note:</strong> changes to libvirtd.conf require that
-      the libvirtd daemon be restarted.
-    </p>
-
-    <h2><a id="perms">Objects and permissions</a></h2>
-
-    <p>
-      Libvirt applies access control to all the main object
-      types in its API. Each object type, in turn, has a set
-      of permissions defined. To determine what permissions
-      are checked for specific API call, consult the
-      <a href="html/index.html">API reference manual</a>
-      documentation for the API in question.
-    </p>
-
-    <div id="include" filename="aclperms.htmlinc"/>
-
-  </body>
-</html>

docs/acl.rst

@@ -0,0 +1,76 @@
+=====================
+Client access control
+=====================
+
+Libvirt's client access control framework allows administrators to setup fine
+grained permission rules across client users, managed objects and API
+operations. This allows client connections to be locked down to a minimal set of
+privileges.
+
+.. contents::
+
+Access control introduction
+---------------------------
+
+In a default configuration, the libvirtd daemon has three levels of access
+control. All connections start off in an unauthenticated state, where the only
+API operations allowed are those required to complete authentication. After
+successful authentication, a connection either has full, unrestricted access to
+all libvirt API calls, or is locked down to only "read only" (see 'Anonymous' in
+the table below) operations, according to what socket a client connection
+originated on.
+
+The access control framework allows authenticated connections to have fine
+grained permission rules to be defined by the administrator. Every API call in
+libvirt has a set of permissions that will be validated against the object being
+used. For example, the ``virDomainSetSchedulerParametersFlags`` method will
+check whether the client user has the ``write`` permission on the ``domain``
+object instance passed in as a parameter. Further permissions will also be
+checked if certain flags are set in the API call. In addition to checks on the
+object passed in to an API call, some methods will filter their results. For
+example the ``virConnectListAllDomains`` method will check the
+``search_domains`` on the ``connect`` object, but will also filter the returned
+``domain`` objects to only those on which the client user has the ``getattr``
+permission.
+
+Access control drivers
+----------------------
+
+The access control framework is designed as a pluggable system to enable future
+integration with arbitrary access control technologies. By default, the ``none``
+driver is used, which does no access control checks at all. At this time,
+libvirt ships with support for using
+`polkit <https://www.freedesktop.org/wiki/Software/polkit/>`__ as a real access
+control driver. To learn how to use the polkit access driver consult `the
+configuration docs <aclpolkit.html>`__.
+
+The access driver is configured in the ``libvirtd.conf`` configuration file,
+using the ``access_drivers`` parameter. This parameter accepts an array of
+access control driver names. If more than one access driver is requested, then
+all must succeed in order for access to be granted. To enable 'polkit' as the
+driver:
+
+::
+
+   # augtool -s set '/files/etc/libvirt/libvirtd.conf/access_drivers[1]' polkit
+
+And to reset back to the default (no-op) driver
+
+::
+
+   # augtool -s rm /files/etc/libvirt/libvirtd.conf/access_drivers
+
+**Note:** changes to libvirtd.conf require that the libvirtd daemon be
+restarted.
+
+Objects and permissions
+-----------------------
+
+Libvirt applies access control to all the main object types in its API. Each
+object type, in turn, has a set of permissions defined. To determine what
+permissions are checked for specific API call, consult the `API reference
+manual <html/index.html>`__ documentation for the API in question.
+
+.. raw:: html
+
+   <div id="include" filename="aclperms.htmlinc"/>

docs/aclpolkit.rst

@@ -26,7 +26,7 @@ the operations a user may perform on an object.
 Permission names
 ----------------
 
-The libvirt `object names and permission names <acl.html#perms>`__ are
+The libvirt `object names and permission names <acl.html#objects-and-permissions>`__ are
 mapped onto polkit action names using the simple pattern:
 
 ::

docs/apps.rst

@@ -70,6 +70,9 @@ virsh
    Virt-Lightning uses libvirt, cloud-init and libguestfs to allow
    anyone to quickly start a new VM. Very much like a container CLI, but
    with a virtual machine.
+`vms <https://github.com/cbosdo/vms>`__
+   vms is a tool wrapping around the libvirt API to manage multiple virtual
+   machines at once with name patterns.
 
 Configuration Management
 ------------------------
@@ -202,7 +205,7 @@ Libraries
 `Ruby Libvirt Object bindings <https://github.com/ohadlevy/virt#readme>`__
    Allows using simple ruby objects to manipulate hypervisors, guests,
    storage, network etc. It is based on top of the `native ruby
-   bindings <https://libvirt.org/ruby>`__.
+   bindings <https://ruby.libvirt.org/>`__.
 
 LiveCD / Appliances
 -------------------
@@ -322,6 +325,14 @@ Web applications
    `cockpit-machines <https://github.com/cockpit-project/cockpit-machines>`__
    it can create and manage virtual machines via libvirt.
 
+Backup
+------
+
+`virtnbdbackup <https://github.com/abbbi/virtnbdbackup>`__
+   Backup utility for libvirt, using the latest changed block tracking features:
+   Create online, thin provisioned full and incremental or differential backups
+   of your kvm/qemu virtual machines.
+
 Other
 -----
 

docs/bindings.rst

@@ -12,16 +12,17 @@ other languages:
 -  **Go**: Daniel Berrange develops `Go
    bindings <https://pkg.go.dev/libvirt.org/go/libvirt>`__.
 
--  **Java**: Daniel Veillard develops `Java bindings <java.html>`__.
+-  **Java**: Daniel Veillard develops `Java bindings
+   <https://java.libvirt.org/>`__.
 
 -  **OCaml**: Richard Jones develops `OCaml
-   bindings <https://libvirt.org/ocaml/>`__.
+   bindings <https://ocaml.libvirt.org/>`__.
 
 -  **Perl**: Daniel Berrange develops `Perl
    bindings <https://search.cpan.org/dist/Sys-Virt/>`__.
 
 -  **PHP**: Radek Hladik started developing `PHP
-   bindings <https://libvirt.org/php>`__ in 2010.
+   bindings <https://php.libvirt.org/>`__ in 2010.
 
    In February 2011 the binding development has been moved to the
    libvirt.org website as libvirt-php project.
@@ -29,7 +30,7 @@ other languages:
    The project is now maintained by Michal Novotny and it's heavily
    based on Radek's version. For more information, including information
    on posting patches to libvirt-php, please refer to the `PHP
-   bindings <https://libvirt.org/php>`__ site.
+   bindings <https://php.libvirt.org/>`__ site.
 
 -  **Python**: Libvirt's python bindings are split to a separate
    `package <https://gitlab.com/libvirt/libvirt-python>`__ since version
@@ -47,7 +48,7 @@ other languages:
    page.
 
 -  **Ruby**: Chris Lalancette develops `Ruby
-   bindings <https://libvirt.org/ruby/>`__.
+   bindings <https://ruby.libvirt.org/>`__.
 
 Integration API modules:
 

docs/coding-style.rst

@@ -161,24 +161,24 @@ a single space following them before the opening bracket. E.g.
 
 ::
 
-  if(foo)   // Bad
-  if (foo)  // Good
+  if(foo)   /* Bad */
+  if (foo)  /* Good */
 
 Function implementations must **not** have any whitespace between
 the function name and the opening bracket. E.g.
 
 ::
 
-  int foo (int wizz)  // Bad
-  int foo(int wizz)   // Good
+  int foo (int wizz)  /* Bad */
+  int foo(int wizz)   /* Good */
 
 Function calls must **not** have any whitespace between the
 function name and the opening bracket. E.g.
 
 ::
 
-  bar = foo (wizz);  // Bad
-  bar = foo(wizz);   // Good
+  bar = foo (wizz);  /* Bad */
+  bar = foo(wizz);   /* Good */
 
 Function typedefs must **not** have any whitespace between the
 closing bracket of the function name and opening bracket of the
@@ -186,16 +186,16 @@ arg list. E.g.
 
 ::
 
-  typedef int (*foo) (int wizz);  // Bad
-  typedef int (*foo)(int wizz);   // Good
+  typedef int (*foo) (int wizz);  /* Bad */
+  typedef int (*foo)(int wizz);   /* Good */
 
 There must not be any whitespace immediately following any opening
 bracket, or immediately prior to any closing bracket. E.g.
 
 ::
 
-  int foo( int wizz );  // Bad
-  int foo(int wizz);    // Good
+  int foo( int wizz );  /* Bad */
+  int foo(int wizz);    /* Good */
 
 Commas
 ------
@@ -206,8 +206,8 @@ syntax-check'.
 
 ::
 
-  call(a,b ,c);// Bad
-  call(a, b, c); // Good
+  call(a,b ,c);     /* Bad */
+  call(a, b, c);    /* Good */
 
 When declaring an enum or using a struct initializer that occupies
 more than one line, use a trailing comma. That way, future edits
@@ -225,11 +225,11 @@ C99 allows trailing commas, remember that JSON and XDR do not.
 
   enum {
       VALUE_ONE,
-      VALUE_TWO // Bad
+      VALUE_TWO     /* Bad */
   };
   enum {
       VALUE_THREE,
-      VALUE_FOUR, // Good
+      VALUE_FOUR,   /* Good */
   };
 
 Semicolons
@@ -243,10 +243,10 @@ not enforced, loop counters generally use post-increment.
 
 ::
 
-  for (i = 0 ;i < limit ; ++i) { // Bad
-  for (i = 0; i < limit; i++) { // Good
-  for (;;) { // ok
-  while (1) { // Better
+  for (i = 0 ;i < limit ; ++i) {    /* Bad */
+  for (i = 0; i < limit; i++) {     /* Good */
+  for (;;) {                        /* ok */
+  while (1) {                       /* Better */
 
 Empty loop bodies are better represented with curly braces and a
 comment, although use of a semicolon is not currently rejected.
@@ -254,9 +254,9 @@ comment, although use of a semicolon is not currently rejected.
 ::
 
   while ((rc = waitpid(pid, &st, 0) == -1) &&
-         errno == EINTR); // ok
+         errno == EINTR);           /* ok */
   while ((rc = waitpid(pid, &st, 0) == -1) &&
-         errno == EINTR) { // Better
+         errno == EINTR) {          /* Better */
       /* nothing */
   }
 
@@ -271,19 +271,19 @@ single-\ *statement* loop: each has only one *line* in its body.
 
 ::
 
-  while (expr)             // single line body; {} is optional
+  while (expr)              /* single line body; {} is optional */
       single_line_stmt();
 
 ::
 
   while (expr(arg1,
-              arg2))      // indentation makes it obvious it is single line,
-      single_line_stmt(); // {} is optional (not enforced either way)
+              arg2))        /* indentation makes it obvious it is single line, */
+      single_line_stmt();   /* {} is optional (not enforced either way) */
 
 ::
 
   while (expr1 &&
-         expr2) {         // multi-line, at same indentation, {} required
+         expr2) {           /* multi-line, at same indentation, {} required */
       single_line_stmt();
   }
 
@@ -295,7 +295,7 @@ braces), thinking it is already a multi-statement loop:
 
 ::
 
-  while (true) // BAD! multi-line body with no braces
+  while (true)              /* BAD! multi-line body with no braces */
       /* comment... */
       single_line_stmt();
 
@@ -303,7 +303,7 @@ Do this instead:
 
 ::
 
-  while (true) { // Always put braces around a multi-line body.
+  while (true) {            /* Always put braces around a multi-line body. */
       /* comment... */
       single_line_stmt();
   }
@@ -325,8 +325,8 @@ To reiterate, don't do this:
 
 ::
 
-  if (expr)            // BAD: no braces around...
-      while (expr_2) { // ... a multi-line body
+  if (expr)                 /* BAD: no braces around... */
+      while (expr_2) {      /* ... a multi-line body */
           ...
       }
 
@@ -356,11 +356,11 @@ longer, multi-line block be the ``else`` block.
       ...
   }
   else
-      x = y;    // BAD: braceless "else" with braced "then",
-                // and short block last
+      x = y;    /* BAD: braceless "else" with braced "then",
+                 * and short block last */
 
   if (expr)
-      x = y;    // BAD: braceless "if" with braced "else"
+      x = y;    /* BAD: braceless "if" with braced "else" */
   else {
       ...
       ...
@@ -375,7 +375,7 @@ rather than after the more involved block:
 ::
 
   if (!expr) {
-    x = y; // putting the smaller block first is more readable
+    x = y;      /* putting the smaller block first is more readable */
   } else {
       ...
       ...
@@ -403,19 +403,19 @@ itself.
 
   void
   foo(int a, int b)
-  {                          // correct - function body
+  {                          /* correct - function body */
       int 2d[][] = {
-        {                    // correct - complex initialization
+        {                    /* correct - complex initialization */
           1, 2,
         },
       };
       if (a)
-      {                      // BAD: compound brace on its own line
+      {                      /* BAD: compound brace on its own line */
           do_stuff();
       }
-      {                      // correct - nested scope
+      {                      /* correct - nested scope */
           int tmp;
-          if (a < b) {       // correct - hanging brace
+          if (a < b) {       /* correct - hanging brace */
               tmp = b;
               b = a;
               a = tmp;
@@ -601,7 +601,7 @@ calling another function.
 
         x = y + 20;
 
-        char *z = NULL; // <===
+        char *z = NULL; /* <=== */
         ...
     }
 
@@ -705,35 +705,59 @@ use one of the following semantically named macros
 
    ::
 
-     STREQ(a,b)
-     STRNEQ(a,b)
+     STREQ(a, b)
+     STRNEQ(a, b)
 
 -  For case insensitive equality:
 
    ::
 
-     STRCASEEQ(a,b)
-     STRCASENEQ(a,b)
+     STRCASEEQ(a, b)
+     STRCASENEQ(a, b)
 
 -  For strict equality of a substring:
 
    ::
 
-     STREQLEN(a,b,n)
-     STRNEQLEN(a,b,n)
+     STREQLEN(a, b, n)
+     STRNEQLEN(a, b, n)
 
 -  For case insensitive equality of a substring:
 
    ::
 
-     STRCASEEQLEN(a,b,n)
-     STRCASENEQLEN(a,b,n)
+     STRCASEEQLEN(a, b, n)
+     STRCASENEQLEN(a, b, n)
 
 -  For strict equality of a prefix:
 
    ::
 
-     STRPREFIX(a,b)
+     STRPREFIX(a, b)
+
+-  For case insensitive equality of a prefix:
+
+   ::
+
+     STRCASEPREFIX(a, b)
+
+-  For skipping prefix:
+
+   ::
+
+     /* Instead of:
+      *   STRPREFIX(a, b) ? a + strlen(b) : NULL
+      * use: */
+     STRSKIP(a, b)
+
+-  For skipping prefix case insensitively:
+
+   ::
+
+     /* Instead of:
+      *   STRCASEPREFIX(a, b) ? a + strlen(b) : NULL
+      * use: */
+     STRCASESKIP(a, b)
 
 -  To avoid having to check if a or b are NULL:
 
@@ -894,24 +918,28 @@ Error messages visible to the user should be short and
 descriptive. All error messages are translated using gettext and
 thus must be wrapped in ``_()`` macro. To simplify the translation
 work, the error message must not be concatenated from various
-parts. To simplify searching for the error message in the code the
-strings should not be broken even if they result into a line
-longer than 80 columns and any formatting modifier should be
-enclosed by quotes or other obvious separator. If a string used
-with ``%s`` can be NULL the NULLSTR macro must be used.
+parts and all format strings must be permutable by directly
+addressing each argument using ``%N$...`` syntax. For example,
+``%1$s``, ``%2$llu`` or ``%4$s`` to format the first argument as
+string, the second argument as unsigned long long, and the fourth
+argument as string, respectively. To simplify searching for the error
+message in the code the strings should not be broken even if they
+result into a line longer than 80 columns and any formatting modifier
+should be enclosed by quotes or other obvious separator. If a string
+used with ``%N$s`` can be NULL the NULLSTR macro must be used.
 
 ::
 
   GOOD: virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Failed to connect to remote host '%s'"), hostname)
+                       _("Failed to connect to remote host '%1$s'"), hostname)
 
   BAD: virReportError(VIR_ERR_INTERNAL_ERROR,
-                      _("Failed to %s to remote host '%s'"),
+                      _("Failed to %1$s to remote host '%2$s'"),
                       "connect", hostname);
 
   BAD: virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("Failed to connect "
-                      "to remote host '%s'),
+                      "to remote host '%1$s'),
                       hostname);
 
 Use of goto

docs/css/libvirt.css

@@ -105,10 +105,8 @@ main,
     width: 70em;
 }
 
-main#index,
-#index.document,
-main#hvsupport,
-#hvsupport.document,
+main#the-virtualization-api,
+#the-virtualization-api.document,
 main#documentation,
 #documentation.document,
 main#knowledge-base,
@@ -158,15 +156,6 @@ h1 a, h2 a, h3 a, h4 a, h5 a {
     text-decoration: inherit;
 }
 
-#changelog .author {
-    color: #3c857c;
-    font-weight: bold;
-}
-
-p.image {
-    text-align: center;
-}
-
 table {
     border-collapse: collapse;
     min-width: 60%;
@@ -201,79 +190,6 @@ table tr td:hover {
     background: #c5dbd8;
 }
 
-#projects {
-    margin: 0px;
-    border: 0px;
-    position: absolute;
-    top: 0px;
-    left: 0px;
-    width: 100%;
-}
-
-#projects dl {
-    margin: 0px;
-    border: 0px solid white;
-    height: 180px;
-    position: absolute;
-    top: 0px;
-    left: 0px;
-}
-
-#projects #p1 {
-    margin-left: 25%;
-    width: 75%;
-}
-
-#projects #p2 {
-    margin-left: 50%;
-    width: 50%;
-}
-
-#projects #p3 {
-    margin-left: 75%;
-    width: 25%;
-}
-
-#projects dt, #projects dd {
-    padding: 0px;
-    margin: 0px;
-}
-
-#projects #p1 dt, #projects #p1 dd {
-    width: 33%;
-}
-
-#projects #p2 dt, #projects #p2 dd {
-    width: 50%;
-}
-
-#projects #p3 dt, #projects #p3 dd {
-    width: 99%;
-}
-
-#projects span {
-    font-size: 0.8em;
-    display: block;
-    padding-left: 1em;
-    padding-top: 0.5em;
-}
-
-#projects a {
-    font-size: 0.8em;
-    display: block;
-    padding-left: 0.8em;
-    padding-top: 1em;
-}
-
-#projects a {
-    color: white;
-    text-decoration: inherit;
-}
-
-#projects span {
-    color: #ccc;
-}
-
 span.since {
     color: #3c857c;
     font-style: italic;
@@ -401,7 +317,8 @@ h6:hover > a.headerlink {
     visibility: visible;
 }
 
-div.panel,
+#the-virtualization-api section,
+#the-virtualization-api .section,
 #documentation section,
 #documentation .section,
 #knowledge-base section,
@@ -409,11 +326,13 @@ div.panel,
 {
     width: 24%;
     margin-left: 7%;
+    margin-bottom: 2em;
     float: left;
     background: rgb(230, 230, 230);
 }
 
-div.panel h2,
+#the-virtualization-api section h2,
+#the-virtualization-api .section h1,
 #documentation section h2,
 #documentation .section h1,
 #knowledge-base section h2,
@@ -425,9 +344,10 @@ div.panel h2,
     background: rgb(0, 95, 97);
     color: rgb(255, 255, 255);
     text-align: center;
+    font-size: 1.6em;
 }
 
-#index.document h1 {
+#the-virtualization-api > h1 {
     border: 0px;
     text-indent: 100%; white-space: nowrap; overflow: hidden;
     background: url(../logos/logo-banner-dark-800.png) no-repeat center center;
@@ -492,21 +412,21 @@ br.clear {
     font-size: smaller;
 }
 
-div.panel dd,
+#the-virtualization-api dd,
 #documentation dd,
 #knowledge-base dd {
     font-size: smaller;
 }
 
-div.panel a,
+#the-virtualization-api a,
 #documentation a,
 #knowledge-base a {
     text-decoration: none;
 }
 
-div.panel ul,
-div.panel p,
-div.panel dl,
+#the-virtualization-api ul,
+#the-virtualization-api p,
+#the-virtualization-api dl,
 #documentation ul,
 #documentation p,
 #documentation dl,
@@ -517,40 +437,32 @@ div.panel dl,
     margin: 0px;
 }
 
-div.panel ul,
+#the-virtualization-api li p
+{
+    padding-left: 0.5em;
+    padding-top: 0px;
+    padding-bottom: 0px;
+}
+
+#the-virtualization-api ul,
 #documentation ul,
 #knowledge-base ul {
     margin-left: 1em;
 }
 
-div.panel dt,
+#the-virtualization-api dt,
 #documentation dt,
 #knowledge-base dt {
     margin: 0px;
 }
 
-div.panel dd,
+#the-virtualization-api dd,
 #documentation dd,
 #knowledge-base dd {
     margin: 0px;
     margin-bottom: 1em;
 }
 
-dl.mail dt {
-    background: rgb(0, 97, 95);
-    color: rgb(255, 255, 255);
-    font-weight: bold;
-    padding: 0.5em;
-}
-dl.mail dt a {
-    color: inherit;
-    text-decoration: none;
-}
-dl.mail dt a:hover {
-    color:  rgb(255, 230, 0);
-    text-decoration: none;
-}
-
 td.enumvalue {
     white-space: nowrap;
 }
@@ -607,15 +519,6 @@ td.enumvalue {
     margin: 2px;
 }
 
-td.gitmirror {
-    font-size: smaller;
-    font-style: italic;
-}
-
-td.gitmirror a {
-    color: inherit;
-}
-
 th p, td p {
     margin-top: 0px;
     margin-bottom: 0px;
@@ -636,3 +539,7 @@ th p, td p {
 #contents p.topic-title {
     display: none;
 }
+
+span.del {
+    text-decoration: line-through;
+}

docs/css/meson.build

@@ -11,7 +11,11 @@ install_data(docs_css_files, install_dir: docs_html_dir / 'css')
 foreach file : docs_css_files
   # This hack enables us to view the web pages
   # from within the uninstalled build tree
-  configure_file(input: file, output: file, copy: true)
+  if meson.version().version_compare('>=0.64.0')
+    fs.copyfile(file)
+  else
+    configure_file(input: file, output: file, copy: true)
+  endif
 
   install_web_files += '@0@:@1@'.format(meson.current_source_dir() / file, docs_html_dir / 'css')
 endforeach

docs/css/mobile.css

@@ -1,101 +1,107 @@
 @media (max-width: 1000px) {
     #home {
-	width: 100%;
-	display: block;
-	margin: 0px;
-	background: white url(../logos/logo-banner-dark-256.png) no-repeat center center;
-	height: 94px;
+       width: 100%;
+       display: block;
+       margin: 0px;
+       background: white url(../logos/logo-banner-dark-256.png) no-repeat center center;
+       height: 94px;
     }
     #home a {
-	width: 100%;
+       width: 100%;
     }
     #search {
-	width: 100%;
-	display: block;
-	margin: 0px;
-	background: white;
-	padding: 0px;
-	height: 2em;
+       width: 100%;
+       display: block;
+       margin: 0px;
+       background: white;
+       padding: 0px;
+       height: 2em;
     }
     #search form {
-	padding: 5px;
+       padding: 5px;
     }
-    body.index h1 {
-	display: none;
+    #the-virtualization-api > h1,
+    #the-virtualization-api > h2 {
+       display: none;
     }
     #jumplinks {
-	padding: 0px;
-	display: block;
-	width: 100%;
-	text-align: center;
-	margin: 0px;
-	height: 1.3em;
-	font-size: 1em;
-	border-top: 3px solid rgb(60, 133, 124);
-	border-bottom: 3px solid rgb(60, 133, 124);
+       padding: 0px;
+       display: block;
+       width: 100%;
+       text-align: center;
+       margin: 0px;
+       height: 1.3em;
+       font-size: 1em;
+       border-top: 3px solid rgb(60, 133, 124);
+       border-bottom: 3px solid rgb(60, 133, 124);
     }
     #jumplinks ul {
-	display: block;
-	padding: 0px;
-	margin: 0px;
+       display: block;
+       padding: 0px;
+       margin: 0px;
     }
     #jumplinks li {
-	margin: 0px;
-	padding-left: 0.5em;
-	padding-right: 0.5em;
+       margin: 0px;
+       padding-left: 0.5em;
+       padding-right: 0.5em;
     }
     #nav {
-	border: 0px;
+       border: 0px;
     }
 
     #search.navhide {
-	display: none !IMPORTANT;
+       display: none !IMPORTANT;
     }
     #home.navhide {
-	position: fixed;
-	top: 0px;
-	z-index: 9001;
-	width: 6em;
-	display: block;
-	margin: 0px;
-	background: inherit;
-	height: 1.3em;
-	border-top: 3px solid rgb(60, 133, 124);
-	border-bottom: 3px solid rgb(60, 133, 124);
-	font-size: 1em;
-	text-indent: 0px;
-	font-weight: bold;
-	padding-left: 1em;
+       position: fixed;
+       top: 0px;
+       z-index: 9001;
+       width: 6em;
+       display: block;
+       margin: 0px;
+       background: inherit;
+       height: 1.3em;
+       border-top: 3px solid rgb(60, 133, 124);
+       border-bottom: 3px solid rgb(60, 133, 124);
+       font-size: 1em;
+       text-indent: 0px;
+       font-weight: bold;
+       padding-left: 1em;
     }
     #home.navhide a {
-	color: white;
-	text-decoration: none;
+       color: white;
+       text-decoration: none;
     }
     #home.navhide a:hover {
-	color: rgb(255, 230, 0);
+       color: rgb(255, 230, 0);
     }
     #jumplinks.navhide {
-	position: fixed;
-	text-align: right;
-	top: 0px;
-	z-index: 9000;
-	background: rgb(0, 95, 97);
+       position: fixed;
+       text-align: right;
+       top: 0px;
+       z-index: 9000;
+       background: rgb(0, 95, 97);
     }
     #jumplinks.navhide ul {
-	z-index: 9001;
+       z-index: 9001;
     }
     #body {
-	margin-top: 180px;
+       margin-top: 180px;
     }
-    div.panel {
-	width: 80%;
-	float: none;
-	margin-bottom: 2em;
+    #the-virtualization-api section,
+    #the-virtualization-api .section,
+    #documentation section,
+    #documentation .section,
+    #knowledge-base section,
+    #knowledge-base .section {
+       width: 100%;
+       margin-left: 0px;
+       float: none;
     }
     #advancedsearch {
-	margin-top: 4em;
-	border: 0px;
-	background: white;
-	color: black;
+       margin-top: 4em;
+       border: 0px;
+       background: white;
+       color: black;
     }
 }

docs/docs.rst

@@ -72,20 +72,20 @@ Application development
    `secret <html/libvirt-libvirt-secret.html>`__,
    `storage <html/libvirt-libvirt-storage.html>`__,
    `stream <html/libvirt-libvirt-stream.html>`__ and
-   `admin <html/index-admin.html>`__,
-   `QEMU <html/index-qemu.html>`__,
-   `LXC <html/index-lxc.html>`__ libs
+   `admin <html/libvirt-libvirt-admin.html>`__,
+   `QEMU <html/libvirt-libvirt-qemu.html>`__,
+   `LXC <html/libvirt-libvirt-lxc.html>`__ libs
 
 `Language bindings and API modules <bindings.html>`__
    Bindings of the libvirt API for
    `c# <csharp.html>`__,
-   `go <https://pkg.go.dev/libvirt.org/go/libvirt>`__,
-   `java <java.html>`__,
-   `ocaml <https://libvirt.org/ocaml/>`__,
+   `go <https://pkg.go.dev/libvirt.org/go/libvirt>`__ (`all go modules <golang.html>`__),
+   `java <https://java.libvirt.org/>`__,
+   `ocaml <https://ocaml.libvirt.org/>`__,
    `perl <https://search.cpan.org/dist/Sys-Virt/>`__,
    `python <python.html>`__,
-   `php <php.html>`__,
-   `ruby <https://libvirt.org/ruby/>`__
+   `php <https://php.libvirt.org>`__,
+   `ruby <https://ruby.libvirt.org/>`__
    and integration API modules for
    `D-Bus <dbus.html>`__
 
@@ -163,3 +163,6 @@ Project development
 
 `New repo setup <newreposetup.html>`__
    Procedure for configuring new git repositories for libvirt
+
+`Libvirt logos <logos/index.html>`__
+   Libvirt logo files and guideline how to use them

docs/downloads.rst

@@ -24,7 +24,7 @@ Libvirt
     - Resources
 
   * - libvirt
-    - `libvirt <https://libvirt.org/sources/>`__
+    - `libvirt <https://download.libvirt.org/>`__
     - `gitlab <https://gitlab.com/libvirt/libvirt>`__
     - `issues <https://gitlab.com/libvirt/libvirt/-/issues>`__
     - `github <https://github.com/libvirt/libvirt>`__
@@ -45,28 +45,28 @@ Language bindings
     - Resources
 
   * - C#
-    - `libvirt <https://libvirt.org/sources/csharp/>`__
+    -
     - `gitlab <https://gitlab.com/libvirt/libvirt-csharp>`__
     - `issues <https://gitlab.com/libvirt/libvirt-csharp/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-csharp>`__
     -
 
   * - Go
-    - `libvirt <https://libvirt.org/go/libvirt>`__
+    - `pkg.go.dev <https://pkg.go.dev/libvirt.org/go/libvirt>`__
     - `gitlab <https://gitlab.com/libvirt/libvirt-go-module>`__
     - `issues <https://gitlab.com/libvirt/libvirt-go-module/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-go-module>`__
     - `api ref <https://pkg.go.dev/libvirt.org/go/libvirt>`__
 
   * - Java
-    - `libvirt <https://libvirt.org/sources/java/>`__
+    - `libvirt <https://download.libvirt.org/java/>`__
     - `gitlab <https://gitlab.com/libvirt/libvirt-java>`__
     - `issues <https://gitlab.com/libvirt/libvirt-java/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-java>`__
     -
 
   * - OCaml
-    - `libvirt <https://libvirt.org/sources/ocaml/>`__
+    - `libvirt <https://download.libvirt.org/ocaml/>`__
     - `gitlab <https://gitlab.com/libvirt/libvirt-ocaml>`__
     - `issues <https://gitlab.com/libvirt/libvirt-ocaml/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-ocaml>`__
@@ -78,17 +78,17 @@ Language bindings
     - `issues <https://gitlab.com/libvirt/libvirt-perl/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-perl>`__
     - `api ref <https://metacpan.org/release/Sys-Virt/>`__
-      `changes <https://libvirt.org/git/?p=libvirt-perl.git;a=blob;f=Changes;hb=HEAD>`__
+      `changes <https://gitlab.com/libvirt/libvirt-perl/-/blob/master/Changes>`__
 
   * - PHP
-    - `libvirt <https://libvirt.org/sources/php/>`__
+    - `libvirt <https://download.libvirt.org/php/>`__
     - `gitlab <https://gitlab.com/libvirt/libvirt-php>`__
     - `issues <https://gitlab.com/libvirt/libvirt-php/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-php>`__
     -
 
   * - Python
-    - `libvirt <https://libvirt.org/sources/python/>`__
+    - `libvirt <https://download.libvirt.org/python/>`__
       `pypi <https://pypi.python.org/pypi/libvirt-python>`__
     - `gitlab <https://gitlab.com/libvirt/libvirt-python>`__
     - `issues <https://gitlab.com/libvirt/libvirt-python/-/issues>`__
@@ -96,7 +96,7 @@ Language bindings
     -
 
   * - Ruby
-    - `libvirt <https://libvirt.org/sources/ruby/>`__
+    - `libvirt <https://download.libvirt.org/ruby/>`__
     - `gitlab <https://gitlab.com/libvirt/libvirt-ruby>`__
     - `issues <https://gitlab.com/libvirt/libvirt-ruby/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-ruby>`__
@@ -123,56 +123,56 @@ Integration modules
     - Resources
 
   * - GLib / GConfig / GObject
-    - `libvirt <https://libvirt.org/sources/glib/>`__
+    - `libvirt <https://download.libvirt.org/glib/>`__
     - `gitlab <https://gitlab.com/libvirt/libvirt-glib>`__
     - `issues <https://gitlab.com/libvirt/libvirt-glib/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-glib>`__
     -
 
   * - Go XML
-    - `libvirt <https://libvirt.org/go/libvirtxml>`__
+    - `pkg.go.dev <https://pkg.go.dev/libvirt.org/go/libvirtxml>`__
     - `gitlab <https://gitlab.com/libvirt/libvirt-go-xml-module>`__
     - `issues <https://gitlab.com/libvirt/libvirt-go-xml-module/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-go-xml-module>`__
     - `api ref <https://pkg.go.dev/libvirt.org/go/libvirtxml>`__
 
   * - D-Bus
-    - `libvirt <https://libvirt.org/sources/dbus/>`__
+    - `libvirt <https://download.libvirt.org/dbus/>`__
     - `gitlab <https://gitlab.com/libvirt/libvirt-dbus>`__
     - `issues <https://gitlab.com/libvirt/libvirt-dbus/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-dbus>`__
     -
 
   * - Console Proxy
-    - `libvirt <https://libvirt.org/sources/consoleproxy/>`__
+    -
     - `gitlab <https://gitlab.com/libvirt/libvirt-console-proxy>`__
     - `issues <https://gitlab.com/libvirt/libvirt-console-proxy/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-console-proxy>`__
     -
 
   * - CIM provider
-    - `libvirt <https://libvirt.org/sources/CIM/>`__
+    - `libvirt <https://download.libvirt.org/CIM/>`__
     - `gitlab <https://gitlab.com/libvirt/libvirt-cim>`__
     - `issues <https://gitlab.com/libvirt/libvirt-cim/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-cim>`__
     -
 
   * - CIM utils
-    - `libvirt <https://libvirt.org/sources/CIM/>`__
+    - `libvirt <https://download.libvirt.org/CIM/>`__
     - `gitlab <https://gitlab.com/libvirt/libcmpiutil>`__
     - `issues <https://gitlab.com/libvirt/libcmpiutil/-/issues>`__
     - `github <https://github.com/libvirt/libcmpiutil>`__
     -
 
   * - SNMP
-    - `libvirt <https://libvirt.org/sources/snmp/>`__
+    - `libvirt <https://download.libvirt.org/snmp/>`__
     - `gitlab <https://gitlab.com/libvirt/libvirt-snmp>`__
     - `issues <https://gitlab.com/libvirt/libvirt-snmp/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-snmp>`__
     -
 
   * - Application Sandbox
-    - `libvirt <https://libvirt.org/sources/sandbox/>`__
+    - `libvirt <https://download.libvirt.org/sandbox/>`__
     - `gitlab <https://gitlab.com/libvirt/libvirt-sandbox>`__
     - `issues <https://gitlab.com/libvirt/libvirt-sandbox/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-sandbox>`__
@@ -191,7 +191,7 @@ Testing
     - GIT Mirrors
 
   * - TCK
-    - `libvirt <https://libvirt.org/sources/tck/>`__
+    - `libvirt <https://download.libvirt.org/tck/>`__
     - `gitlab <https://gitlab.com/libvirt/libvirt-tck>`__
     - `issues <https://gitlab.com/libvirt/libvirt-tck/-/issues>`__
     - `github <https://github.com/libvirt/libvirt-tck>`__
@@ -252,7 +252,7 @@ Most modules have releases made available for download on the project site via
 HTTPS. Some modules are instead made available at alternative locations, for
 example, the Perl binding is made available only on CPAN.
 
--  `libvirt.org HTTPS server <https://libvirt.org/sources/>`__
+-  `libvirt.org HTTPS server <https://download.libvirt.org/>`__
 
 Primary release schedule
 ------------------------
@@ -354,7 +354,7 @@ following key is currently used to generate the GPG signatures:
    Fingerprint=453B 6531 0595 5628 5547  1199 CA68 BE80 1008 4C9C
 
 It can be downloaded from `this
-site <https://libvirt.org/sources/gpg_key.asc>`__ or from public GPG key
+site <https://download.libvirt.org/gpg_key.asc>`__ or from public GPG key
 servers.
 
 Releases prior to libvirt-6.6 were signed with the following GPG key:

docs/drvqemu.rst

@@ -294,6 +294,13 @@ use the 'context' option when mounting the filesystem to set the default label
 to ``system_u:object_r:virt_image_t``. In the case of NFS, there is an
 alternative option, of enabling the ``virt_use_nfs`` SELinux boolean.
 
+There are some network filesystems, however, that propagate SELinux labels
+properly, just like a local filesystem (e.g. ceph or CIFS). In such case,
+dynamic labelling (described below) might prevent migration of a virtual
+machine as new unique SELinux label is assigned to the virtual machine on the
+migration destination side. Users are advised to use static labels (``<seclabel
+type='static' .../>``).
+
 SELinux sVirt confinement
 ~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -688,17 +695,44 @@ The individual properties are overridden by a ``<qemu:property>`` element. The
 ``name`` specifies the name of the property to override. In case when libvirt
 doesn't configure the property a property with the name is added to the
 commandline. The ``type`` attribute specifies a type of the argument used. The
-type must correspond with the type that is expected by QEMU. Supported values
-for the type attribute are: ``string``, ``number``, ``bool`` (allowed values for
-``bool`` are ``true`` and ``false``) and ``remove``. The ``remove`` type is
-special and instructs libvirt to remove the property without replacement.
+type must correspond semantically (e.g use a numeric type when qemu expects a
+number) with the type that is expected by QEMU. Supported values for the ``type``
+attribute are:
+
+  ``string``
+    Used to override ``qemu`` properties of ``str`` type as well as any
+    enumeration type (e.g. ``OnOffAuto`` in which case the value can be one of
+    ``on``, ``off``, or ``auto``).
+
+  ``unsigned``
+    Used to override numeric properties with an non-negative value. Note that
+    this can be used to also override signed values in qemu.
+
+    Used for any numeric type of a ``qemu`` property such as ``uint32``,
+    ``int32``, ``size``, etc.
+
+    The value is interpreted as a base 10 number, make sure to convert numbers
+    if needed.
+
+  ``signed``
+    Same semantics as ``unsigned`` above but used when a negative value is
+    needed.
+
+  ``bool``
+    Used to override ``qemu`` properties of ``bool`` type. Allowed values for
+    are ``true`` and ``false``.
+
+  ``remove``.
+    The ``remove`` type is special and instructs libvirt to remove the property
+    without replacement.
 
 The overrides are applied only to initial device configuration passed to QEMU
 via the commandline. Later hotplug operations will not apply any modifications.
 
-Configuring override for a device alias which is not used or attempting to
-remove a device property which is not formatted by libvirt will cause failure
-to startup the VM.
+The properties of a device can be queried directly in qemu (e.g. for the
+``virtio-blk-pci`` device) via ::
+
+  # qemu-system-x86_64 -device virtio-blk-pci,?
 
 *Note:* The libvirt project doesn't guarantee any form of compatibility and
 stability of devices with overridden properties. The domain is tainted when

docs/drvvbox.rst

@@ -4,7 +4,7 @@
 VirtualBox hypervisor driver
 ============================
 
-The libvirt VirtualBox driver can manage any VirtualBox version from version 4.0
+The libvirt VirtualBox driver can manage any VirtualBox version from version 6.1
 onwards ( :since:`since libvirt 3.0.0` ).
 
 Project Links

docs/fonts/meson.build

@@ -17,7 +17,11 @@ install_data(fonts, install_dir: docs_html_dir / 'fonts')
 foreach file : fonts
   # This hack enables us to view the web pages
   # from within the uninstalled build tree
-  configure_file(input: file, output: file, copy: true)
+  if meson.version().version_compare('>=0.64.0')
+    fs.copyfile(file)
+  else
+    configure_file(input: file, output: file, copy: true)
+  endif
 
   install_web_files += '@0@:@1@'.format(meson.current_source_dir() / file, docs_html_dir / 'fonts')
 endforeach

docs/formatcaps.rst

@@ -143,55 +143,182 @@ capabilities enabled in the chip and BIOS you will see:
 
 ::
 
-   <capabilities>
-     <host>
-       <cpu>
-         <arch>x86_64</arch>
-         <features>
-           <vmx/>
-         </features>
-         <model>core2duo</model>
-         <vendor>Intel</vendor>
-         <topology sockets="1" dies="1" cores="2" threads="1"/>
-         <feature name="lahf_lm"/>
-         <feature name='xtpr'/>
-         ...
-       </cpu>
-       <power_management>
-         <suspend_mem/>
-         <suspend_disk/>
-         <suspend_hybrid/>
-       </power_management>
-     </host>
+  <capabilities>
 
-     <!-- xen-3.0-x86_64 -->
-     <guest>
-       <os_type>xen</os_type>
-       <arch name="x86_64">
-         <wordsize>64</wordsize>
-         <domain type="xen"></domain>
-         <emulator>/usr/lib64/xen/bin/qemu-dm</emulator>
-       </arch>
-       <features>
-       </features>
-     </guest>
+    <host>
+      <uuid>7b55704c-29f4-11b2-a85c-9dc6ff50623f</uuid>
+      <cpu>
+        <arch>x86_64</arch>
+        <model>Skylake-Client-noTSX-IBRS</model>
+        <vendor>Intel</vendor>
+        <microcode version='236'/>
+        <signature family='6' model='142' stepping='12'/>
+        <counter name='tsc' frequency='2303997000' scaling='no'/>
+        <topology sockets='1' dies='1' cores='4' threads='2'/>
+        <maxphysaddr mode='emulate' bits='39'/>
+        <feature name='ds'/>
+        <feature name='acpi'/>
+        <feature name='ss'/>
+        <feature name='ht'/>
+        <feature name='tm'/>
+        <feature name='pbe'/>
+        <feature name='dtes64'/>
+        <feature name='monitor'/>
+        <feature name='ds_cpl'/>
+        <feature name='vmx'/>
+        <feature name='smx'/>
+        <feature name='est'/>
+        <feature name='tm2'/>
+        <feature name='xtpr'/>
+        <feature name='pdcm'/>
+        <feature name='osxsave'/>
+        <feature name='tsc_adjust'/>
+        <feature name='sgx'/>
+        <feature name='clflushopt'/>
+        <feature name='intel-pt'/>
+        <feature name='md-clear'/>
+        <feature name='stibp'/>
+        <feature name='arch-capabilities'/>
+        <feature name='ssbd'/>
+        <feature name='xsaves'/>
+        <feature name='sgx1'/>
+        <feature name='sgx-debug'/>
+        <feature name='sgx-mode64'/>
+        <feature name='sgx-provisionkey'/>
+        <feature name='sgx-tokenkey'/>
+        <feature name='pdpe1gb'/>
+        <feature name='invtsc'/>
+        <feature name='rdctl-no'/>
+        <feature name='ibrs-all'/>
+        <feature name='skip-l1dfl-vmentry'/>
+        <feature name='mds-no'/>
+        <feature name='tsx-ctrl'/>
+        <pages unit='KiB' size='4'/>
+        <pages unit='KiB' size='2048'/>
+        <pages unit='KiB' size='1048576'/>
+      </cpu>
+      <power_management>
+        <suspend_mem/>
+      </power_management>
+      <iommu support='yes'/>
+      <migration_features>
+        <live/>
+        <uri_transports>
+          <uri_transport>tcp</uri_transport>
+          <uri_transport>rdma</uri_transport>
+        </uri_transports>
+      </migration_features>
+      <topology>
+        <cells num='1'>
+          <cell id='0'>
+            <memory unit='KiB'>32498112</memory>
+            <pages unit='KiB' size='4'>6813808</pages>
+            <pages unit='KiB' size='2048'>2048</pages>
+            <pages unit='KiB' size='1048576'>1</pages>
+            <distances>
+              <sibling id='0' value='10'/>
+            </distances>
+            <cpus num='8'>
+              <cpu id='0' socket_id='0' die_id='0' core_id='0' siblings='0,4'/>
+              <cpu id='1' socket_id='0' die_id='0' core_id='1' siblings='1,5'/>
+              <cpu id='2' socket_id='0' die_id='0' core_id='2' siblings='2,6'/>
+              <cpu id='3' socket_id='0' die_id='0' core_id='3' siblings='3,7'/>
+              <cpu id='4' socket_id='0' die_id='0' core_id='0' siblings='0,4'/>
+              <cpu id='5' socket_id='0' die_id='0' core_id='1' siblings='1,5'/>
+              <cpu id='6' socket_id='0' die_id='0' core_id='2' siblings='2,6'/>
+              <cpu id='7' socket_id='0' die_id='0' core_id='3' siblings='3,7'/>
+            </cpus>
+          </cell>
+        </cells>
+      </topology>
+      <cache>
+        <bank id='0' level='3' type='both' size='8' unit='MiB' cpus='0-7'/>
+      </cache>
+      <secmodel>
+        <model>none</model>
+        <doi>0</doi>
+      </secmodel>
+      <secmodel>
+        <model>dac</model>
+        <doi>0</doi>
+        <baselabel type='kvm'>+77:+77</baselabel>
+        <baselabel type='qemu'>+77:+77</baselabel>
+      </secmodel>
+    </host>
 
-     <!-- hvm-3.0-x86_32 -->
-     <guest>
-       <os_type>hvm</os_type>
-       <arch name="i686">
-         <wordsize>32</wordsize>
-         <domain type="xen"></domain>
-         <emulator>/usr/lib/xen/bin/qemu-dm</emulator>
-         <machine>pc</machine>
-         <machine>isapc</machine>
-         <loader>/usr/lib/xen/boot/hvmloader</loader>
-       </arch>
-       <features>
-         <cpuselection/>
-         <deviceboot/>
-       </features>
-     </guest>
+    <guest>
+      <os_type>hvm</os_type>
+      <arch name='x86_64'>
+        <wordsize>64</wordsize>
+        <emulator>/usr/bin/qemu-system-x86_64</emulator>
+        <machine maxCpus='255'>pc-i440fx-7.1</machine>
+        <machine canonical='pc-i440fx-7.1' maxCpus='255'>pc</machine>
+        <machine maxCpus='288'>pc-q35-5.2</machine>
+        <machine maxCpus='255'>pc-i440fx-2.12</machine>
+        <machine maxCpus='255'>pc-i440fx-2.0</machine>
+        <machine maxCpus='255'>pc-i440fx-6.2</machine>
+        <machine maxCpus='288'>pc-q35-4.2</machine>
+        <machine maxCpus='255'>pc-i440fx-2.5</machine>
+        <machine maxCpus='255'>pc-i440fx-4.2</machine>
+        <machine maxCpus='255'>pc-i440fx-5.2</machine>
+        <machine maxCpus='255' deprecated='yes'>pc-i440fx-1.5</machine>
+        <machine maxCpus='255'>pc-q35-2.7</machine>
+        <machine maxCpus='288'>pc-q35-7.1</machine>
+        <machine canonical='pc-q35-7.1' maxCpus='288'>q35</machine>
+        <machine maxCpus='255'>pc-i440fx-2.2</machine>
+        <machine maxCpus='255'>pc-i440fx-2.7</machine>
+        <machine maxCpus='288'>pc-q35-6.1</machine>
+        <machine maxCpus='255'>pc-q35-2.4</machine>
+        <machine maxCpus='288'>pc-q35-2.10</machine>
+        <machine maxCpus='1'>x-remote</machine>
+        <machine maxCpus='288'>pc-q35-5.1</machine>
+        <machine maxCpus='255' deprecated='yes'>pc-i440fx-1.7</machine>
+        <machine maxCpus='288'>pc-q35-2.9</machine>
+        <machine maxCpus='255'>pc-i440fx-2.11</machine>
+        <machine maxCpus='288'>pc-q35-3.1</machine>
+        <machine maxCpus='255'>pc-i440fx-6.1</machine>
+        <machine maxCpus='288'>pc-q35-4.1</machine>
+        <machine maxCpus='255'>pc-i440fx-2.4</machine>
+        <machine maxCpus='255'>pc-i440fx-4.1</machine>
+        <machine maxCpus='255'>pc-i440fx-5.1</machine>
+        <machine maxCpus='255'>pc-i440fx-2.9</machine>
+        <machine maxCpus='1'>isapc</machine>
+        <machine maxCpus='255' deprecated='yes'>pc-i440fx-1.4</machine>
+        <machine maxCpus='255'>pc-q35-2.6</machine>
+        <machine maxCpus='255'>pc-i440fx-3.1</machine>
+        <machine maxCpus='288'>pc-q35-2.12</machine>
+        <machine maxCpus='288'>pc-q35-7.0</machine>
+        <machine maxCpus='255'>pc-i440fx-2.1</machine>
+        <machine maxCpus='288'>pc-q35-6.0</machine>
+        <machine maxCpus='255'>pc-i440fx-2.6</machine>
+        <machine maxCpus='288'>pc-q35-4.0.1</machine>
+        <machine maxCpus='255'>pc-i440fx-7.0</machine>
+        <machine maxCpus='255' deprecated='yes'>pc-i440fx-1.6</machine>
+        <machine maxCpus='288'>pc-q35-5.0</machine>
+        <machine maxCpus='288'>pc-q35-2.8</machine>
+        <machine maxCpus='255'>pc-i440fx-2.10</machine>
+        <machine maxCpus='288'>pc-q35-3.0</machine>
+        <machine maxCpus='255'>pc-i440fx-6.0</machine>
+        <machine maxCpus='288'>pc-q35-4.0</machine>
+        <machine maxCpus='288'>microvm</machine>
+        <machine maxCpus='255'>pc-i440fx-2.3</machine>
+        <machine maxCpus='255'>pc-i440fx-4.0</machine>
+        <machine maxCpus='255'>pc-i440fx-5.0</machine>
+        <machine maxCpus='255'>pc-i440fx-2.8</machine>
+        <machine maxCpus='288'>pc-q35-6.2</machine>
+        <machine maxCpus='255'>pc-q35-2.5</machine>
+        <machine maxCpus='255'>pc-i440fx-3.0</machine>
+        <machine maxCpus='288'>pc-q35-2.11</machine>
+        <domain type='qemu'/>
+        <domain type='kvm'/>
+      </arch>
+      <features>
+        <acpi default='on' toggle='yes'/>
+        <apic default='on' toggle='no'/>
+        <cpuselection/>
+        <deviceboot/>
+        <disksnapshot default='on' toggle='no'/>
+      </features>
+    </guest>
 
-     ...
-   </capabilities>
+  </capabilities>

docs/formatdomain.rst

@@ -255,8 +255,14 @@ harddisk, cdrom, network) determining where to obtain/find the boot image.
    is assumed that there will be a writable NVRAM available. In some cases,
    however, it may be desirable for the loader to run without any NVRAM, discarding
    any config changes on shutdown. The ``stateless`` flag (:since:`Since 8.6.0`)
-   can be used to control this behaviour, when set to ``no`` NVRAM will never
+   can be used to control this behaviour, when set to ``yes`` NVRAM will never
    be created.
+
+   When firmware autoselection is enabled, the ``format`` attribute can be
+   used to tell libvirt to only consider firmware builds that are in a
+   specific format. Supported values are ``raw`` and ``qcow2``.
+   :since:`Since 9.2.0 (QEMU only)`
+
 ``nvram``
    Some UEFI firmwares may want to use a non-volatile memory to store some
    variables. In the host, this is represented as a file and the absolute path
@@ -276,6 +282,10 @@ harddisk, cdrom, network) determining where to obtain/find the boot image.
    **Note:** ``network`` backed NVRAM the variables are not instantiated from
    the ``template`` and it's user's responsibility to provide a valid NVRAM image.
 
+   This element supports a ``format`` attribute, which has the same semantics
+   as the attribute of the same name for the ``<loader>`` element.
+   :since:`Since 9.2.0 (QEMU only)`
+
    It is not valid to provide this element if the loader is marked as
    stateless.
 
@@ -730,7 +740,9 @@ host/guest with many LUNs. :since:`Since 1.2.8 (QEMU only)`
        <iothread id="2"/>
        <iothread id="4"/>
        <iothread id="6"/>
-       <iothread id="8" thread_pool_min="2" thread_pool_max="32"/>
+       <iothread id="8" thread_pool_min="2" thread_pool_max="32">
+         <poll max='123' grow='456' shrink='789'/>
+       </iothread>
      </iothreadids>
      <defaultiothread thread_pool_min="8" thread_pool_max="16"/>
      ...
@@ -756,6 +768,13 @@ host/guest with many LUNs. :since:`Since 1.2.8 (QEMU only)`
    ``thread_pool_max`` which allow setting lower and upper boundary for number
    of worker threads for given IOThread. While the former can be value of zero,
    the latter can't. :since:`Since 8.5.0`
+   :since:`Since 9.4.0` an optional sub-element ``poll`` with can be used to
+   override the hypervisor-default interval of polling for the iothread before
+   it switches back to events. The optional attribute ``max`` sets the maximum
+   time polling should be used in nanoseconds. Setting ``max`` to ``0`` disables
+   polling. Attributes ``grow`` and ``shrink`` override (or disable when set to
+   ``0`` the default steps for increasing/decreasing the polling interval if
+   the set interval is deemed insufficient or extensive.
 ``defaultiothread``
    This element represents the default event loop within hypervisor, where I/O
    requests from devices not assigned to a specific IOThread are processed.
@@ -849,7 +868,7 @@ CPU Tuning
    There is no unit for the value, it's a relative measure based on the setting
    of other VM, e.g. A VM configured with value 2048 will get twice as much CPU
    time as a VM configured with value 1024. The value should be in range
-   [2, 262144]. :since:`Since 0.9.0`
+   [2, 262144] using cgroups v1, [1, 10000] using cgroups v2. :since:`Since 0.9.0`
 ``period``
    The optional ``period`` element specifies the enforcement interval (unit:
    microseconds). Within ``period``, each vCPU of the domain will not be allowed
@@ -1107,7 +1126,9 @@ influence how virtual memory pages are backed by host pages.
    Using the optional ``mode`` attribute, specify when to allocate the memory by
    supplying either "immediate" or "ondemand". :since:`Since 8.2.0` it is
    possible to set the number of threads that hypervisor uses to allocate
-   memory via ``threads`` attribute.
+   memory via ``threads`` attribute. To speed allocation process up, when
+   pinning emulator thread it's recommended to include CPUs from desired NUMA
+   nodes so that allocation threads can have their affinity set.
 ``discard``
    When set and supported by hypervisor the memory content is discarded just
    before guest shuts down (or when DIMM module is unplugged). Please note that
@@ -1195,7 +1216,10 @@ NUMA Node Tuning
    'restrictive', defaults to 'strict'. The value 'restrictive' specifies
    using system default policy and only cgroups is used to restrict the
    memory nodes, and it requires setting mode to 'restrictive' in ``memnode``
-   elements. Attribute ``nodeset`` specifies the NUMA nodes, using the same
+   elements (see quirk below).  This exists solely for the purpose of being able
+   to request movement of such memory for a running domain using ``virsh
+   numatune`` or ``virDomainSetNumaParameters`` and is not guaranteed to happen.
+   Attribute ``nodeset`` specifies the NUMA nodes, using the same
    syntax as attribute ``cpuset`` of element ``vcpu``. Attribute ``placement`` (
    :since:`since 0.9.12` ) can be used to indicate the memory placement mode for
    domain process, its value can be either "static" or "auto", defaults to
@@ -1215,6 +1239,12 @@ NUMA Node Tuning
    addresses guest NUMA node for which the settings are applied. Attributes
    ``mode`` and ``nodeset`` have the same meaning and syntax as in ``memory``
    element. This setting is not compatible with automatic placement.
+   Note that for ``memnode`` this will only guide the memory access for the vCPU
+   threads or similar mechanism and is very hypervisor-specific.  This does not
+   guarantee the placement of the node's memory allocation.  For proper
+   restriction other means should be used (e.g. different mode, preallocated
+   hugepages).
+
    :since:`QEMU Since 1.2.7`
 
 
@@ -1353,7 +1383,7 @@ following collection of elements. :since:`Since 0.7.5`
 
    <cpu mode='host-passthrough' migratable='off'>
      <cache mode='passthrough'/>
-     <maxphysaddr mode='passthrough'/>
+     <maxphysaddr mode='passthrough' limit='39'/>
      <feature policy='disable' name='lahf_lm'/>
    ...
 
@@ -1615,7 +1645,8 @@ In case no restrictions need to be put on CPU model and its features, a simpler
          passed through to the virtual CPUs
       ``emulate``
          The hypervisor will define a specific value for the number of bits
-         of physical addresses via the ``bits`` attribute, which is mandatory.
+         of physical addresses via the ``bits`` attribute, (optional
+         :since:`since 9.2.0`)
 	 The number of bits cannot exceed the number of physical address bits
 	 supported by the hypervisor.
 
@@ -1623,6 +1654,11 @@ In case no restrictions need to be put on CPU model and its features, a simpler
       The ``bits`` attribute is mandatory if the ``mode`` attribute is set to
       ``emulate`` and specifies the virtual CPU address size in bits.
 
+   ``limit``
+     The ``limit`` attribute can be used to restrict the maximum value of
+     address bits for ``passthrough`` mode, i.e. in case the host CPU reports
+     more bits than that, ``limit`` is used. :since:`Since 9.3.0`
+
 Guest NUMA topology can be specified using the ``numa`` element. :since:`Since
 0.9.8`
 
@@ -2016,6 +2052,7 @@ are:
    tlbflush        Enable PV TLB flush support                                            on, off                                      :since:`4.7.0 (QEMU 3.0)`
    ipi             Enable PV IPI support                                                  on, off                                      :since:`4.10.0 (QEMU 3.1)`
    evmcs           Enable Enlightened VMCS                                                on, off                                      :since:`4.10.0 (QEMU 3.1)`
+   avic            Enable use Hyper-V SynIC with hardware APICv/AVIC                      on, off                                      :since:`8.10.0 (QEMU 6.2)`
    =============== ====================================================================== ============================================ =======================================================
 
    :since:`Since 8.0.0` , the hypervisor can be configured further by setting
@@ -2700,6 +2737,14 @@ paravirtualized driver is specified via the ``disk`` element.
    ``file``
       The ``file`` attribute specifies the fully-qualified path to the file
       holding the disk. :since:`Since 0.0.3`
+
+      :since:`Since 9.0.0` a new optional attribute ``fdgroup`` can be added
+      instructing to access the disk via file descriptors associated to the
+      domain object via the ``virDomainFDAssociate()`` API rather than opening
+      the files. The files do not necessarily have to be accessible by libvirt
+      via the filesystem. The filename passed via ``file`` can still be used
+      to generate paths to write into image metadata when doing block operations
+      but libvirt will not access these natively.
    ``block``
       The ``dev`` attribute specifies the fully-qualified path to the host
       device to serve as the disk. :since:`Since 0.0.3`
@@ -2937,13 +2982,20 @@ paravirtualized driver is specified via the ``disk`` element.
       are intended to be default, then the entire element may be omitted.
    ``reconnect``
       For disk type ``vhostuser`` configures reconnect timeout if the connection
-      is lost. It has two mandatory attributes:
+      is lost. This is set with the two mandatory attributes ``enabled`` and
+      ``timeout``.
+      For disk type ``network`` and protocol ``nbd`` the QEMU NBD reconnect delay
+      can be set via attribute ``delay``:
 
       ``enabled``
          If the reconnect feature is enabled, accepts ``yes`` and ``no``
       ``timeout``
          The amount of seconds after which hypervisor tries to reconnect.
-
+      ``delay``
+         Only for NBD hosts. The amount of seconds during which all requests are
+         paused and will be rerun after a successful reconnect. After that time, any
+         delayed requests and all future requests before a successful reconnect
+         will immediately fail. If not set the default QEMU value is 0.
 
    For a "file" or "volume" disk type which represents a cdrom or floppy (the
    ``device`` attribute), it is possible to define policy what to do with the
@@ -3232,34 +3284,39 @@ paravirtualized driver is specified via the ``disk`` element.
       format driver of the ``qemu`` hypervisor can be controlled via the
       ``max_size`` subelement (see example below).
 
+      The optional ``discard_no_unref`` attribute can be set to control the way
+      the ``qemu`` hypervisor handles guest discard commands inside the qcow2
+      image. When enabled, a discard request from within the guest will mark the
+      qcow2 cluster as zero, but will keep the reference/offset of that cluster.
+      But it will still pass the discard further to the lower layer.
+      This will resolve fragmentation within the qcow2 image. :since:`Since 9.5.0`
+
       In the majority of cases the default configuration used by the hypervisor
       is sufficient so modifying this setting should not be necessary. For
       specifics on how the metadata cache of ``qcow2`` in ``qemu`` behaves refer
       to the ``qemu``
       `qcow2 cache docs <https://git.qemu.org/?p=qemu.git;a=blob;f=docs/qcow2-cache.txt>`__
 
-      **Example:**
+      **Example**::
 
-::
-
-   <disk type='file' device='disk'>
-     <driver name='qemu' type='qcow2'>
-       <metadata_cache>
-         <max_size unit='bytes'>1234</max_size>
-       </metadata_cache>
-     </driver>
-     <source file='/var/lib/libvirt/images/domain.qcow'/>
-     <backingStore type='file'>
-       <format type='qcow2'>
-         <metadata_cache>
-           <max_size unit='bytes'>1234</max_size>
-         </metadata_cache>
-       </format>
-       <source file='/var/lib/libvirt/images/snapshot.qcow'/>
-       <backingStore/>
-     </backingStore>
-     <target dev='vdd' bus='virtio'/>
-   </disk>
+        <disk type='file' device='disk'>
+          <driver name='qemu' type='qcow2'>
+            <metadata_cache>
+              <max_size unit='bytes'>1234</max_size>
+            </metadata_cache>
+          </driver>
+          <source file='/var/lib/libvirt/images/domain.qcow'/>
+          <backingStore type='file'>
+            <format type='qcow2'>
+              <metadata_cache>
+                <max_size unit='bytes'>1234</max_size>
+              </metadata_cache>
+            </format>
+            <source file='/var/lib/libvirt/images/snapshot.qcow'/>
+            <backingStore/>
+          </backingStore>
+          <target dev='vdd' bus='virtio'/>
+        </disk>
 
 ``backenddomain``
    The optional ``backenddomain`` element allows specifying a backend domain
@@ -4766,19 +4823,25 @@ to the interface.
    </devices>
    ...
 
-Userspace SLIRP stack
-^^^^^^^^^^^^^^^^^^^^^
+Userspace (SLIRP or passt) connection
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-Provides a virtual LAN with NAT to the outside world. The virtual network has
-DHCP & DNS services and will give the guest VM addresses starting from
-``10.0.2.15``. The default router will be ``10.0.2.2`` and the DNS server will
-be ``10.0.2.3``. This networking is the only option for unprivileged users who
-need their VMs to have outgoing access. :since:`Since 3.8.0` it is possible to
-override the default network address by including an ``ip`` element specifying
-an IPv4 address in its one mandatory attribute, ``address``. Optionally, a
-second ``ip`` element with a ``family`` attribute set to "ipv6" can be specified
-to add an IPv6 address to the interface. ``address``. Optionally, address
-``prefix`` can be specified.
+The ``user`` type connects the guest interface to the outside via a
+transparent userspace proxy that doesn't require any special system
+privileges, making it usable in cases when libvirt itself is running
+with no privileges (e.g. libvirt's "session mode" daemon, or when
+libvirt is run inside an unprivileged container).
+
+By default, this user proxy is done with QEMU's internal SLIRP driver
+which has DHCP & DNS services that give the guest IP addresses
+starting from ``10.0.2.15``, a default route of ``10.0.2.2`` and DNS
+server of ``10.0.2.3``. :since:`Since 3.8.0` it is possible to override
+the default network address by including an ``ip`` element specifying
+an IPv4 address in its one mandatory attribute,
+``address``. Optionally, a second ``ip`` element with a ``family``
+attribute set to "ipv6" can be specified to add an IPv6 address to the
+interface. ``address``. Optionally, address ``prefix`` can be
+specified.
 
 ::
 
@@ -4794,6 +4857,72 @@ to add an IPv6 address to the interface. ``address``. Optionally, address
    </devices>
    ...
 
+:since:`Since 9.0.0` an alternate backend implementation of the
+``user`` interface type can be selected by setting the interface's
+``<backend>`` subelement ``type`` attribute to ``passt``. In this
+case, the passt transport (https://passt.top) is used. Similar to
+SLIRP, passt has an internal DHCP server that provides a requesting
+guest with one ipv4 and one ipv6 address; it then uses userspace
+proxies and a separate network namespace to provide outgoing
+UDP/TCP/ICMP sessions, and optionally redirect incoming traffic
+destined for the host toward the guest instead.
+
+When the passt backend is used, the ``<backend>`` attribute
+``logFile`` can be used to tell the passt process for this interface
+where to write its message log, and the ``<source>`` attribute ``dev``
+can tell it to use a particular host interface to derive the routes
+given to the guest for forwarding traffic upstream.
+
+Additionally, when passt is used, multiple ``<portForward>`` elements
+can be added to forward incoming network traffic for the host to this
+guest interface. Each ``<portForward>`` must have a ``proto``
+attribute (set to ``tcp`` or ``udp``) and optional original
+``address`` (if not specified, then all incoming sessions to any host
+IP for the given proto/port(s) will be forwarded to the guest).
+
+The decision of which ports to forward is described with zero or more
+``<range>`` subelements of ``<portForward>`` (if there is no
+``<range>`` then **all** ports for the given proto/address will be
+forwarded). Each ``<range>`` has a ``start`` and optional ``end``
+attribute. If ``end`` is omitted then a single port will be forwarded,
+otherwise all ports between ``start`` and ``end`` (inclusive) will be
+forwarded. If the port number(s) should remain unmodified as the
+session is forwarded, no further options are needed, but if the guest
+is expecting the sessions on a different port, then this should be
+specified with the ``to`` attribute of ``<range>`` - the port number
+of each forwarded session in the range will be offeset by "``to`` -
+``start``".  A ``<range>`` element can also be used to specify a range
+of ports that should **not** be forwarded. This is done by setting the
+range's ``exclude`` attribute to ``yes``. This may not seem very
+useful, but can be when it is desirable to forward a long range of
+ports **with the exception of some subset**.
+
+::
+
+   ...
+   <devices>
+     ...
+     <interface type='user'>
+       <backend type='passt' logFile='/tmp/passt.log'/>
+       <mac address="00:11:22:33:44:55"/>
+       <source dev='eth0'/>
+       <ip family='ipv4' address='172.17.2.4' prefix='24'/>
+       <ip family='ipv6' address='2001:db8:ac10:fd01::20'/>
+       <portForward proto='tcp'>
+         <range start='2022' to='22'/>
+       </portForward>
+       <portForward proto='udp' address='1.2.3.4'>
+         <range start='5000' end='5020' to='6000'/>
+         <range start='5010' end='5015' exclude='yes'/>
+       </portForward>
+       <portForward proto='tcp' address='2001:db8:ac10:fd01::1:10'>
+         <range start='80'/>
+         <range start='443' to='344'/>
+       </portForward>
+     </interface>
+   </devices>
+   ...
+
 Generic ethernet connection
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -5309,6 +5438,7 @@ Typical values for QEMU and KVM include: ne2k_isa i82551 i82557b i82559er
 ne2k_pci pcnet rtl8139 e1000 virtio. :since:`Since 5.2.0` ,
 ``virtio-transitional`` and ``virtio-non-transitional`` values are supported.
 See `Virtio transitional devices`_ for more details.
+:since:`Since 9.3.0` igb is also supported.
 
 Setting NIC driver-specific options
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -6346,6 +6476,13 @@ A video device.
    :since:`since 1.3.3` ) extends secondary bar and makes it addressable as
    64bit memory.
 
+   :since:`Since 9.2.0` (QEMU driver only), devices with type "virtio" have an
+   optional ``blob`` attribute that can be set to "on" or "off". Setting
+   ``blob`` to "on" will enable the use of blob resources in the device. This
+   can accelerate the display path by reducing or eliminating copying of pixel
+   data between the guest and host. Note that blob resource support requires
+   QEMU version 6.1 or newer.
+
    :since:`Since 5.9.0` , the ``model`` element may also have an optional
    ``resolution`` sub-element. The ``resolution`` element has attributes ``x``
    and ``y`` to set the minimum resolution for the video device. This
@@ -6494,10 +6631,11 @@ Serial port
        <target port='0'/>
      </serial>
      <!-- Debug port for SeaBIOS / EDK II -->
-     <serial type='pty'>
+     <serial type='file'>
        <target type='isa-debug'/>
        <address type='isa' iobase='0x402'/>
-     </console>
+       <source path='/tmp/DOMAIN-ovmf.log'/>
+     </serial>
 
    </devices>
    ...
@@ -6533,9 +6671,9 @@ with the ``isa-serial`` target type); ``usb-serial`` (usable with the
 target type); ``spapr-vty`` (usable with the ``spapr-vio-serial`` target type);
 ``pl011`` and, :since:`since 4.7.0` , ``16550a`` (usable with the
 ``system-serial`` target type); ``sclpconsole`` and ``sclplmconsole`` (usable
-with the ``sclp-serial`` target type). ``isa-debugcon`` (usable with the
-``isa-debug`` target type); provides a virtual console for receiving debug
-messages from the firmware on x86 platforms. :since:`Since: 8.1.0`.
+with the ``sclp-serial`` target type). :since:`Since: 8.1.0`, ``isa-debugcon``
+(usable with the ``isa-debug`` target type); provides a virtual console for
+receiving debug messages from the firmware on x86 platforms.
 Providing a target model is usually unnecessary: libvirt will automatically
 pick one that's suitable for the chosen target type, and overriding that
 value is generally not recommended.
@@ -7079,9 +7217,9 @@ A virtual sound card can be attached to the host via the ``sound`` element.
 ``sound``
    The ``sound`` element has one mandatory attribute, ``model``, which specifies
    what real sound device is emulated. Valid values are specific to the
-   underlying hypervisor, though typical choices are 'sb16', 'es1370', 'pcspk',
-   'ac97' (:since:`Since 0.6.0`), 'ich6' (:since:`Since 0.8.8`), 'ich9'
-   (:since:`Since 1.1.3`), 'usb' (:since:`Since 1.2.8`) and 'ich7'
+   underlying hypervisor, though typical choices are ``sb16``, ``es1370``,
+   ``pcspk``, ``ac97`` (:since:`Since 0.6.0`), ``ich6`` (:since:`Since 0.8.8`),
+   ``ich9`` (:since:`Since 1.1.3`), ``usb`` (:since:`Since 1.2.8`) and ``ich7``
    (:since:`Since 6.7.0`, bhyve only).
 
 :since:`Since 0.9.13` , a sound element with ``ich6`` or ``ich9`` models can have
@@ -7091,9 +7229,9 @@ and recording.
 
 Valid values are:
 
--  'duplex' - advertise a line-in and a line-out
--  'micro' - advertise a speaker and a microphone
--  'output' - advertise a line-out :since:`Since 4.4.0`
+-  ``duplex`` - advertise a line-in and a line-out
+-  ``micro`` - advertise a speaker and a microphone
+-  ``output`` - advertise a line-out :since:`Since 4.4.0`
 
 ::
 
@@ -7105,6 +7243,11 @@ Valid values are:
    </devices>
    ...
 
+:since:`Since 9.4.0` the ``usb`` sound device can be optionally switched into
+multi-channel mode by using the ``multichannel`` attribute::
+
+  <sound model='usb' multichannel='yes'/>
+
 Each ``sound`` element has an optional sub-element ``<address>`` which can tie
 the device to a particular PCI slot. See `Device Addresses`_.
 
@@ -7134,8 +7277,8 @@ to the guest sound device.
 
 ``type``
    The required ``type`` attribute specifies audio backend type.
-   Currently, the supported values are 'none', 'alsa', 'coreaudio',
-   'dbus', jack', 'oss', 'pulseaudio', 'sdl', 'spice', 'file'.
+   Currently, the supported values are ``none``, ``alsa``, ``coreaudio``,
+   ``dbus``, ``jack``, ``oss``, ``pulseaudio``, ``sdl``, ``spice``, ``file``.
 
 ``id``
    Integer id of the audio device. Must be greater than 0.
@@ -7209,22 +7352,22 @@ is permitted with the following attributes.
 
 Note:
 If no ``<audio/>`` element is defined, and the ``graphics`` element is set to
-either 'vnc' or 'sdl', the libvirtd or virtqemud process will honor the following
-environment variables:
+either ``vnc`` or ``sdl``, the libvirtd or virtqemud process will honor the
+following environment variables:
 
 * ``SDL_AUDIODRIVER``
 
-  Valid values are 'pulseaudio', 'esd', 'alsa' or 'arts'.
+  Valid values are ``pulseaudio``, ``esd``, ``alsa`` or ``arts``.
 
 * ``QEMU_AUDIO_DRV``
 
-  Valid values are 'pa', 'none', 'alsa', 'coreaudio', 'jack', 'oss',
-  'sdl', 'spice' or 'wav'.
+  Valid values are ``pa``, ``none``, ``alsa``, ``coreaudio``, ``jack``, ``oss``,
+  ``sdl``, ``spice`` or ``wav``.
 
 None audio backend
 ^^^^^^^^^^^^^^^^^^
 
-The 'none' audio backend is a dummy backend that does not connect to
+The ``none`` audio backend is a dummy backend that does not connect to
 any host audio framework. It still allows a remote desktop server
 like VNC to send and receive audio though. This is the default backend
 when VNC graphics are enabled in QEMU.
@@ -7234,7 +7377,7 @@ when VNC graphics are enabled in QEMU.
 ALSA audio backend
 ^^^^^^^^^^^^^^^^^^
 
-The 'alsa' audio type uses the ALSA host audio device framework.
+The ``alsa`` audio type uses the ALSA host audio device framework.
 
 The following additional attributes are permitted on the ``<input>``
 and ``<output>`` elements
@@ -7256,7 +7399,7 @@ and ``<output>`` elements
 Coreaudio audio backend
 ^^^^^^^^^^^^^^^^^^^^^^^
 
-The 'coreaudio' audio backend delegates to a CoreAudio host audio framework
+The ``coreaudio`` audio backend delegates to a CoreAudio host audio framework
 for input and output on macOS.
 
 The following additional attributes are permitted on the ``<input>``
@@ -7279,7 +7422,7 @@ and ``<output>`` elements
 D-Bus audio backend
 ^^^^^^^^^^^^^^^^^^^
 
-The 'dbus' audio backend does not connect to any host audio framework. It
+The ``dbus`` audio backend does not connect to any host audio framework. It
 exports a D-Bus interface when associated with a D-Bus display.
 
 :since:`Since 8.4.0, qemu`
@@ -7287,7 +7430,7 @@ exports a D-Bus interface when associated with a D-Bus display.
 Jack audio backend
 ^^^^^^^^^^^^^^^^^^
 
-The 'jack' audio backend delegates to a Jack daemon for audio input
+The ``jack`` audio backend delegates to a Jack daemon for audio input
 and output.
 
 The following additional attributes are permitted on the ``<input>``
@@ -7323,7 +7466,7 @@ and ``<output>`` elements
 OSS audio backend
 ^^^^^^^^^^^^^^^^^
 
-The 'oss' audio type uses the OSS host audio device framework.
+The ``oss`` audio type uses the OSS host audio device framework.
 
 The following additional attributes are permitted on the ``<audio>``
 element
@@ -7371,7 +7514,7 @@ and ``<output>`` elements
 PulseAudio audio backend
 ^^^^^^^^^^^^^^^^^^^^^^^^
 
-The 'pulseaudio' audio backend delegates to a PulseAudio daemon audio input
+The ``pulseaudio`` audio backend delegates to a PulseAudio daemon audio input
 and output.
 
 The following additional attributes are permitted on the ``<audio>``
@@ -7408,7 +7551,7 @@ and ``<output>`` elements
 SDL audio backend
 ^^^^^^^^^^^^^^^^^
 
-The 'sdl' audio backend delegates to the SDL library for audio input
+The ``sdl`` audio backend delegates to the SDL library for audio input
 and output.
 
 The following additional attributes are permitted on the ``<audio>``
@@ -7417,7 +7560,7 @@ element
 * ``driver``
 
   SDL audio driver. The ``name`` attribute specifies SDL driver name,
-  one of 'esd', 'alsa', 'arts', 'pulseaudio'.
+  one of ``esd``, ``alsa``, ``arts``, ``pulseaudio``.
 
 The following additional attributes are permitted on the ``<input>``
 and ``<output>`` elements
@@ -7439,7 +7582,7 @@ and ``<output>`` elements
 Spice audio backend
 ^^^^^^^^^^^^^^^^^^^
 
-The 'spice' audio backend is similar to the 'none' backend in that
+The ``spice`` audio backend is similar to the ``none`` backend in that
 it does not connect to any host audio framework. It exclusively
 allows a SPICE server to send and receive audio. This is the default
 backend when SPICE graphics are enabled in QEMU.
@@ -7453,9 +7596,9 @@ backend when SPICE graphics are enabled in QEMU.
 File audio backend
 ^^^^^^^^^^^^^^^^^^
 
-The 'file' audio backend is an output only driver which records
+The ``file`` audio backend is an output only driver which records
 audio to a file. The file format is implementation defined, and
-defaults to 'WAV' with QEMU.
+defaults to ``WAV`` with QEMU.
 
 ::
 
@@ -7463,8 +7606,8 @@ defaults to 'WAV' with QEMU.
 
 :since:`Since 7.2.0, qemu`
 
-Watchdog device
-~~~~~~~~~~~~~~~
+Watchdog devices
+~~~~~~~~~~~~~~~~
 
 A virtual hardware watchdog device can be added to the guest via the
 ``watchdog`` element. :since:`Since 0.7.3, QEMU and KVM only`
@@ -7476,6 +7619,11 @@ anything useful on its own.
 Currently libvirt does not support notification when the watchdog fires. This
 feature is planned for a future version of libvirt.
 
+Having multiple watchdogs is usually not something very common, but be aware
+that this might happen, for example, when an implicit watchdog device is added
+as part of another device.  For example the iTCO watchdog being part of the ich9
+southbridge, which is used with the q35 machine type. :since:`Since 9.1.0`
+
 ::
 
    ...
@@ -7498,6 +7646,7 @@ feature is planned for a future version of libvirt.
 
    QEMU and KVM support:
 
+   -  'itco' - included by default with q35 machine type :since:`Since 9.1.0`
    -  'i6300esb' - the recommended device, emulating a PCI Intel 6300ESB
    -  'ib700' - emulating an ISA iBase IB700
    -  'diag288' - emulating an S390 DIAG288 device :since:`Since 1.2.17`
@@ -7853,6 +8002,7 @@ Example: usage of panic configuration
    -  'hyperv' - for Hyper-V crash CPU feature. :since:`Since 1.3.0, QEMU and
       KVM only`
    -  's390' - default for S390 guests. :since:`Since 1.3.5`
+   -  'pvpanic' - for PCI pvpanic device :since:`Since 9.1.0, QEMU only`
 
 ``address``
    address of panic. The default ioport is 0x505. Most users don't need to
@@ -7986,6 +8136,7 @@ Example: usage of the memory devices
        </source>
        <target>
          <size unit='KiB'>524288</size>
+         <address base='0x140000000'/>
        </target>
      </memory>
      <memory model='virtio-mem'>
@@ -7999,6 +8150,21 @@ Example: usage of the memory devices
          <block unit='KiB'>2048</block>
          <requested unit='KiB'>1048576</requested>
          <current unit='KiB'>524288</current>
+         <address base='0x150000000'/>
+       </target>
+     </memory>
+     <memory model='sgx-epc'>
+       <source>
+         <nodemask>0-1</nodemask>
+       </source>
+       <target>
+         <size unit='KiB'>16384</size>
+         <node>0</node>
+       </target>
+     </memory>
+     <memory model='sgx-epc'>
+       <target>
+         <size unit='KiB'>16384</size>
        </target>
      </memory>
    </devices>
@@ -8009,7 +8175,9 @@ Example: usage of the memory devices
    1.2.14` Provide ``nvdimm`` model that adds a Non-Volatile DIMM module.
    :since:`Since 3.2.0` Provide ``virtio-pmem`` model to add a paravirtualized
    persistent memory device. :since:`Since 7.1.0` Provide ``virtio-mem`` model
-   to add paravirtualized memory device. :since:`Since 7.9.0`
+   to add paravirtualized memory device. :since:`Since 7.9.0` Provide
+   ``sgx-epc`` model to add a SGX enclave page cache (EPC) memory to the guest.
+   :since:`Since 8.10.0 and QEMU 7.0.0`
 
 ``access``
    An optional attribute ``access`` ( :since:`since 3.2.0` ) that provides
@@ -8069,6 +8237,13 @@ Example: usage of the memory devices
      Represents a path in the host that backs the virtio memory module in the
      guest. It is mandatory.
 
+   For model ``sgx-epc`` this element is optional. The following optional
+   elements may be used:
+
+   ``nodemask``
+      This element can be used to override the default set of NUMA nodes where
+      the memory would be allocated. :since:`Since 8.10.0 and QEMU 7.0.0`
+
 ``target``
    The mandatory ``target`` element configures the placement and sizing of the
    added memory from the perspective of the guest.
@@ -8119,6 +8294,11 @@ Example: usage of the memory devices
      element is formatted into live XML and never parsed, i.e. it is
      output-only element.
 
+   ``address``
+     For ``virtio-mem`` and ``virtio-pmem`` only.
+     The physical address in memory, where device is mapped. :since:`Since
+     9.4.0`
+
 
 IOMMU devices
 ~~~~~~~~~~~~~
@@ -8201,6 +8381,27 @@ The optional ``driver`` element allows to specify virtio options, see
    ...
 
 
+Crypto
+~~~~~~
+
+A crypto device. The ``model`` attribute defaults to ``virtio``.
+:since:`Since v9.0.0` ``model`` supports ``virtio`` only. The ``type`` attribute
+defaults to ``qemu``. :since:`Since v9.0.0` ``type`` supports ``qemu`` only.
+The optional attribute ``backend`` is required if the ``type`` is ``qemu``, the
+``model`` attribute can be ``builtint`` and ``lkcf``, the optional attribute
+``queues`` specifies the number of virt queues for virtio crypto.
+
+::
+
+   ...
+   <devices>
+     <crypto model='virtio' type='qemu'>
+       <backend model='builtin' queues='1'/>
+     </crypto>
+   </devices>
+   ...
+
+
 Security label
 --------------
 

docs/formatdomaincaps.rst

@@ -187,6 +187,7 @@ CPUs <formatdomain.html#cpu-model-and-topology>`__.
        <mode name='host-model' supported='yes'>
          <model fallback='allow'>Broadwell</model>
          <vendor>Intel</vendor>
+         <maxphysaddr mode="passthrough" limit="39"/>
          <feature policy='disable' name='aes'/>
          <feature policy='require' name='vmx'/>
        </mode>
@@ -218,7 +219,10 @@ more details about it:
    indicated by the ``fallback`` attribute of the ``model`` sub element:
    ``allow`` means not all specifics were accounted for and thus the CPU a guest
    will see may be different; ``forbid`` indicates that the CPU a guest will see
-   should match this CPU definition.
+   should match this CPU definition. The optional ``maxphysaddr`` element
+   reports physical address size of the host CPU if this value is available and
+   applicable for the requested domain type. This is useful for computing
+   baseline CPU definition which should be compatible with several hosts.
 ``custom``
    The ``mode`` element contains a list of supported CPU models, each described
    by a dedicated ``model`` element. The ``usable`` attribute specifies whether
@@ -589,6 +593,39 @@ Channel device capabilities are exposed under the ``channel`` element. For insta
 ``type``
    Options for the ``type`` attribute of the ``<channel/>`` element.
 
+Crypto device
+^^^^^^^^^^^^^^
+
+Crypto device capabilities are exposed under the ``crypto`` element. For instance:
+
+::
+
+  <domainCapabilities>
+    ...
+    <devices>
+      <crypto supported='yes'>
+        <enum name='model'>
+          <value>virtio</value>
+        </enum>
+        <enum name='type'>
+          <value>qemu</value>
+        </enum>
+        <enum name='backendModel'>
+          <value>builtin</value>
+          <value>lkcf</value>
+        </enum>
+      </crypto>
+      ...
+    </devices>
+  </domainCapabilities>
+
+``model``
+   Options for the ``model`` attribute of the ``<crypto/>`` element.
+``type``
+   Options for the ``type`` attribute of the ``<crypto/>`` element.
+``backendModel``
+   Options for the ``backendModel`` attribute of the ``<crypto><backend/>`` element.
+
 Features
 ~~~~~~~~
 
@@ -614,6 +651,22 @@ capabilities. All features occur as children of the main ``features`` element.
          <cbitpos>47</cbitpos>
          <reduced-phys-bits>1</reduced-phys-bits>
        </sev>
+       <sgx supported='yes'>
+         <flc>no</flc>
+         <sgx1>yes</sgx1>
+         <sgx2>no</sgx2>
+         <section_size unit='KiB'>524288</section_size>
+         <sections>
+           <section node='0' size='262144' unit='KiB'/>
+           <section node='1' size='262144' unit='KiB'/>
+         </sections>
+       </sgx>
+       <hyperv supported='yes'>
+         <enum name='features'>
+           <value>relaxed</value>
+           <value>vapic</value>
+         </enum>
+       </hyperv>
      </features>
    </domainCapabilities>
 
@@ -693,3 +746,46 @@ in domain XML <formatdomain.html#launch-security>`__
 ``maxESGuests``
    The maximum number of SEV-ES guests that can be launched on the host. This
    value may be configurable in the firmware for some hosts.
+
+SGX capabilities
+^^^^^^^^^^^^^^^^
+
+Intel Software Guard Extensions (Intel SGX) capabilities are exposed under the
+``sgx`` element.
+
+Intel SGX helps protect data in use via unique application isolation technology.
+Protect selected code and data from modification using hardened enclaves with
+Intel SGX.
+
+For more details on the SGX feature, please follow resources in the SGX developer's
+document store. In order to use SGX with libvirt have a look at `SGX in domain XML
+<formatdomain.html#memory-devices>`__
+
+``flc``
+   FLC (Flexible Launch Control), not strictly part of SGX2, but was not part of
+   original SGX hardware either.
+
+``sgx1``
+   the sgx version 1.
+
+``sgx2``
+   The sgx version 2.
+
+``section_size``
+   The size of the SGX enclave page cache (called EPC).
+
+``sections``
+   The sections of the SGX enclave page cache (called EPC).
+
+
+Hyper-V Enlightenments
+^^^^^^^^^^^^^^^^^^^^^^
+
+Report which features improving behavior of guests running Microsoft Windows
+are supported. The ``features`` enum corresponds to the ``<hyperv/>`` element
+(well, its children) as documented in `Hypervisor features
+<formatdomain.html#hypervisor-features>`__.
+
+Please note that depending on the QEMU version some capabilities might be
+missing even though QEMU does support them. This is because prior to QEMU-6.1.0
+not all features were reported by QEMU.

docs/formatstorageencryption.rst

@@ -28,7 +28,10 @@ network disks. If the engine tag is not specified, the ``qemu`` engine will be
 used by default (assuming the qemu driver is used). Note that ``librbd`` engine
 is currently only supported by the qemu VM driver, and is not supported by the
 storage driver. Furthermore, the storage driver currently ignores the ``engine``
-tag.
+tag. :since:`since 9.3.0` RBD layered encryption is supported. Layered
+encryption requires a secret per each encrypted layer. The first secret
+corresponds to the (child) image itself, the second secret to the parent image,
+and so forth.
 
 The ``encryption`` tag can currently contain a sequence of ``secret`` tags, each
 with mandatory attributes ``type`` and either ``uuid`` or ``usage`` (
@@ -55,7 +58,8 @@ added to libvirt.
 The ``luks`` format is specific to a luks encrypted volume and the secret is
 used in order to either encrypt during volume creation or decrypt the volume for
 usage by the domain. A single ``<secret type='passphrase'...>`` element is
-expected. :since:`Since 2.1.0` .
+expected (except for the case of RBD layered encryption mentioned above).
+:since:`Since 2.1.0` .
 
 For volume creation, it is possible to specify the encryption algorithm used to
 encrypt the luks volume. The following two optional elements may be provided for
@@ -102,7 +106,17 @@ can only be applied to RBD network disks (RBD images). Since the ``librbd``
 engine is currently not supported by the libvirt storage driver, you cannot use
 it to control such disks. However, pre-formatted RBD luks2 disks can be loaded
 to a qemu VM using the qemu VM driver. A single
-``<secret type='passphrase'...>`` element is expected.
+``<secret type='passphrase'...>`` element is expected (except for the case of
+RBD layered encryption mentioned above).
+
+``luks-any`` format
+~~~~~~~~~~~~~~~~~~~
+
+The ``luks-any`` format is currently supported only by the ``librbd`` engine,
+and can only be applied to RBD network disks (RBD images). This format will try
+to parse the disk as either LUKS or LUKS2, depending on the actual on-disk
+format. A single ``<secret type='passphrase'...>`` element is expected (except
+for the case of RBD layered encryption mentioned above) :since:`Since 9.3.0` .
 
 Examples
 --------

docs/go/libvirt.rst

@@ -1,3 +1,6 @@
+.. meta::
+   :go-import: libvirt.org/go/libvirt git https://gitlab.com/libvirt/libvirt-go-module.git
+
 =========================================
 Libvirt Go Language API (with Go modules)
 =========================================

docs/go/libvirtxml.rst

@@ -1,3 +1,6 @@
+.. meta::
+   :go-import: libvirt.org/go/libvirtxml git https://gitlab.com/libvirt/libvirt-go-xml-module.git
+
 ============================================
 Libvirt Go XML parsing API (with Go modules)
 ============================================

docs/golang.rst

@@ -0,0 +1,21 @@
+====================
+Go Language bindings
+====================
+
+Modern libvirt API bindings with Go modules
+-------------------------------------------
+
+The libvirt API bindings package and module for XML manipulation:
+
+ - `libvirt.org/go/libvirt <go/libvirt.html>`__ package https://pkg.go.dev/libvirt.org/go/libvirt
+ - `libvirt.org/go/libvirtxml <go/libvirtxml.html>`__ package https://pkg.go.dev/libvirt.org/go/libvirtxml
+
+
+Obsolete libvirt language bindings
+----------------------------------
+
+The following two go packages were superseded, but software currently using them
+will keep working. No further development will take place.
+
+ - `libvirt.org/libvirt-go <libvirt-go.html>`__ - CGo binding to the native API
+ - `libvirt.org/libvirt-go-xml <libvirt-go-xml.html>`)) - annotated Go struct definitions for XML handling

docs/hooks.rst

@@ -78,7 +78,7 @@ or:
 
 ::
 
-   #!/usr/bin/python
+   #!/usr/bin/env python3
 
 Other command interpreters are equally valid, as is any executable binary, so
 you are welcome to use your favourite languages.

docs/html/index.rst

@@ -0,0 +1,65 @@
+============================
+Reference Manual for libvirt
+============================
+
+.. contents::
+
+Main libvirt APIs
+-----------------
+
+`libvirt-common <libvirt-libvirt-common.html>`__
+    common macros and enums for the libvirt and libvirt-admin library
+
+`libvirt-domain-checkpoint <libvirt-libvirt-domain-checkpoint.html>`__
+    APIs for management of domain checkpoints
+
+`libvirt-domain-snapshot <libvirt-libvirt-domain-snapshot.html>`__
+    APIs for management of domain snapshots
+
+`libvirt-domain <libvirt-libvirt-domain.html>`__
+    APIs for management of domains
+
+`libvirt-event <libvirt-libvirt-event.html>`__
+    APIs for management of events
+
+`libvirt-host <libvirt-libvirt-host.html>`__
+    APIs for management of hosts
+
+`libvirt-interface <libvirt-libvirt-interface.html>`__
+    APIs for management of interfaces
+
+`libvirt-network <libvirt-libvirt-network.html>`__
+    APIs for management of networks
+
+`libvirt-nodedev <libvirt-libvirt-nodedev.html>`__
+    APIs for management of nodedevs
+
+`libvirt-nwfilter <libvirt-libvirt-nwfilter.html>`__
+    APIs for management of nwfilters
+
+`libvirt-secret <libvirt-libvirt-secret.html>`__
+    APIs for management of secrets
+
+`libvirt-storage <libvirt-libvirt-storage.html>`__
+    APIs for management of storage pools and volumes
+
+`libvirt-stream <libvirt-libvirt-stream.html>`__
+    APIs for management of streams
+
+Error handling
+--------------
+
+`virterror <libvirt-virterror.html>`__
+    error handling interfaces for the libvirt library
+
+Special specific APIs
+---------------------
+
+`admin interface <libvirt-libvirt-admin.html>`__
+    APIs for management of the libvirt daemons
+
+`qemu driver <libvirt-libvirt-qemu.html>`__
+   qemu-driver specific APIs
+
+`lxc driver <libvirt-libvirt-lxc.html>`__
+   lxc-driver specific APIs

docs/html/meson.build

@@ -1,16 +1,3 @@
-apipng = [
-  'home.png',
-  'left.png',
-  'right.png',
-  'up.png',
-]
-
-install_data(apipng, install_dir: docs_html_dir / 'html')
-
-foreach file : apipng
-  install_web_files += '@0@:@1@'.format(meson.current_source_dir() / file, docs_html_dir / 'html')
-endforeach
-
 docs_html_gen = []
 docs_html_dep = []
 
@@ -21,7 +8,6 @@ index_api_gen = custom_target(
     docs_api_xml,
   ],
   output: [
-    'index.html',
     'libvirt-libvirt-common.html',
     'libvirt-libvirt-domain.html',
     'libvirt-libvirt-domain-checkpoint.html',
@@ -61,14 +47,12 @@ foreach name : [ 'admin', 'lxc', 'qemu' ]
       get_variable('docs_@0@_api_xml'.format(name)),
     ],
     output: [
-      'index-@0@.html'.format(name),
       'libvirt-libvirt-@0@.html'.format(name),
     ],
     command: [
       xsltproc_prog, '--nonet', '-o', docs_builddir,
       '--stringparam', 'builddir', meson.project_build_root(),
       '--stringparam', 'timestamp', docs_timestamp,
-      '--stringparam', 'indexfile', 'index-@0@.html'.format(name),
       '@INPUT@',
     ],
     install: true,
@@ -91,6 +75,50 @@ foreach file : docs_html_gen
   install_web_files += '@0@:@1@'.format(file.full_path(), docs_html_dir / 'html')
 endforeach
 
+html_xslt_gen_install_dir = docs_html_dir / 'html'
+html_xslt_gen = []
+
+html_xslt_gen += {
+  'name': 'index',
+  'file': docs_rst2html5_gen.process('index.rst'),
+  'source': 'docs' / 'html' / 'index.rst',
+  'href_base': '../',
+  }
+
+# --- begin of XSLT processing ---
+
+foreach data : html_xslt_gen
+  html_filename = data['name'] + '.html'
+
+  html_file = custom_target(
+    html_filename,
+    input: data.get('file', data['name'] + '.html.in'),
+    output: html_filename,
+    command: [
+      xsltproc_prog,
+      '--stringparam', 'pagesrc', data.get('source', ''),
+      '--stringparam', 'builddir', meson.project_build_root(),
+      '--stringparam', 'timestamp', docs_timestamp,
+      '--stringparam', 'href_base', data.get('href_base', ''),
+      '--nonet',
+      site_xsl,
+      '@INPUT@',
+    ],
+    depends: data.get('depends', []),
+    depend_files: [ page_xsl ],
+    capture: true,
+    install: true,
+    install_dir: html_xslt_gen_install_dir,
+  )
+
+  install_web_deps += html_file
+  install_web_files += html_file.full_path() + ':' + html_xslt_gen_install_dir
+endforeach
+
+html_xslt_gen = []
+
+# --- end of XSLT processing ---
+
 test(
   'check-html',
   xmllint_prog,

docs/images/meson.build

@@ -17,7 +17,11 @@ install_data(docs_image_files, install_dir: docs_html_dir / 'images')
 foreach file : docs_image_files
   # This hack enables us to view the web pages
   # from within the uninstalled build tree
-  configure_file(input: file, output: file, copy: true)
+  if meson.version().version_compare('>=0.64.0')
+    fs.copyfile(file)
+  else
+    configure_file(input: file, output: file, copy: true)
+  endif
 
   install_web_files += '@0@:@1@'.format(meson.current_source_dir() / file, docs_html_dir / 'images')
 endforeach

docs/index.html.in

@@ -1,87 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <script type="text/javascript">
-      <!--
-      window.addEventListener("load", function() { fetchRSS() });
-      // -->
-    </script>
-  </head>
-  <body id="index">
-    <h1>The virtualization API</h1>
-
-    <div class="panel">
-      <h2>Introduction</h2>
-      <p>
-        The libvirt project:
-      </p>
-      <ul>
-        <li>is a toolkit to manage <a href="platforms.html">virtualization platforms</a></li>
-        <li>is accessible from C, Python, Perl, Go and more</li>
-        <li>is licensed under open source licenses</li>
-        <li>supports <a href="drvqemu.html">KVM</a>,
-          <a href="drvqemu.html">Hypervisor.framework</a>,
-          <a href="drvqemu.html">QEMU</a>, <a href="drvxen.html">Xen</a>,
-          <a href="drvvirtuozzo.html">Virtuozzo</a>,
-          <a href="drvesx.html">VMWare ESX</a>,
-          <a href="drvlxc.html">LXC</a>,
-          <a href="drvbhyve.html">BHyve</a> and
-          <a href="drivers.html">more</a></li>
-        <li>targets Linux, FreeBSD, <a href="windows.html">Windows</a> and
-          <a href="macos.html">macOS</a></li>
-        <li>is used by many <a href="apps.html">applications</a></li>
-      </ul>
-      <p>Recent / forthcoming <a href="news.html">release changes</a></p>
-    </div>
-
-    <div class="panel">
-      <h2>Quick Links</h2>
-
-      <dl>
-        <dt><a href="contribute.html">New contributors</a></dt>
-        <dd>Get involved in the libvirt community &amp; student outreach programs</dd>
-
-        <dt><a href="securityprocess.html">Security vulnerabilities</a></dt>
-        <dd>View security notices and report vulnerabilities to the libvirt security response team</dd>
-
-        <dt><a href="bugs.html">Bug reporting</a></dt>
-        <dd>View and report bugs in libvirt packages</dd>
-
-        <dt><a href="format.html">XML configuration</a></dt>
-        <dd>Description of the XML schemas for
-          <a href="formatdomain.html">domains</a>,
-          <a href="formatnetwork.html">networks</a>,
-          <a href="formatnwfilter.html">network filtering</a>,
-          <a href="formatstorage.html">storage</a>,
-          <a href="formatstorageencryption.html">storage encryption</a>,
-          <a href="formatcaps.html">capabilities</a>,
-          <a href="formatdomaincaps.html">domain capabilities</a>,
-          <a href="formatstoragecaps.html">storage pool capabilities</a>,
-          <a href="formatnode.html">node devices</a>,
-          <a href="formatsecret.html">secrets</a>,
-          <a href="formatsnapshot.html">snapshots</a>,
-          <a href="formatcheckpoint.html">checkpoints</a>,
-          <a href="formatbackup.html">backup jobs</a></dd>
-        <dt><a href="https://wiki.libvirt.org">Wiki</a></dt>
-        <dd>Read further community contributed content</dd>
-
-        <dt><a href="kbase/index.html">Knowledge base</a></dt>
-        <dd>Learn more about libvirt through knowledge base</dd>
-      </dl>
-    </div>
-
-    <div class="panel">
-      <h2>Blog Planet</h2>
-      <div id="planet">
-      </div>
-
-      <p>
-        Read more on the <a href="https://planet.virt-tools.org/">Virt Tools blog planet</a>
-      </p>
-    </div>
-
-    <br class="clear"/>
-
-  </body>
-</html>

docs/index.rst

@@ -0,0 +1,70 @@
+======================
+The virtualization API
+======================
+
+Introduction
+------------
+
+The libvirt project:
+
+-  is a toolkit to manage `virtualization platforms <platforms.html>`__
+-  is accessible from C, Python, Perl, Go and more
+-  is licensed under open source licenses
+-  supports
+   `KVM <drvqemu.html>`__,
+   `Hypervisor.framework <drvqemu.html>`__,
+   `QEMU <drvqemu.html>`__,
+   `Xen <drvxen.html>`__,
+   `Virtuozzo <drvvirtuozzo.html>`__,
+   `VMWare ESX <drvesx.html>`__,
+   `LXC <drvlxc.html>`__,
+   `BHyve <drvbhyve.html>`__ and
+   `more <drivers.html>`__
+-  targets Linux, FreeBSD, `Windows <windows.html>`__ and `macOS <macos.html>`__
+-  is used by many `applications <apps.html>`__
+
+Recent / forthcoming `release changes <news.html>`__
+
+Quick Links
+-----------
+
+`New contributors <contribute.html>`__
+  Get involved in the libvirt community & student outreach programs
+`Security vulnerabilities <securityprocess.html>`__
+  View security notices and report vulnerabilities to the libvirt security
+  response team
+`Bug reporting <bugs.html>`__
+  View and report bugs in libvirt packages
+`XML configuration <format.html>`__
+  Description of the XML schemas for
+  `domains <formatdomain.html>`__,
+  `networks <formatnetwork.html>`__,
+  `network filtering <formatnwfilter.html>`__,
+  `storage <formatstorage.html>`__,
+  `storage encryption <formatstorageencryption.html>`__,
+  `capabilities <formatcaps.html>`__,
+  `domain capabilities <formatdomaincaps.html>`__,
+  `storage pool capabilities <formatstoragecaps.html>`__,
+  `node devices <formatnode.html>`__,
+  `secrets <formatsecret.html>`__,
+  `snapshots <formatsnapshot.html>`__,
+  `checkpoints <formatcheckpoint.html>`__,
+  `backup jobs <formatbackup.html>`__
+`Wiki <https://wiki.libvirt.org>`__
+  Read further community contributed content
+`Knowledge base <kbase/index.html>`__
+  Learn more about libvirt through knowledge base
+
+Blog Planet
+-----------
+
+.. raw:: html
+
+   <script type="text/javascript">
+     <!--
+     window.addEventListener("load", function() { fetchRSS() });
+     // -->
+   </script>
+   <div id="planet"> </div>
+
+Read more on the `Virt Tools blog planet <https://planet.virt-tools.org/>`__

docs/java.rst

@@ -1,128 +0,0 @@
-=================
-Java API bindings
-=================
-
-.. contents::
-
-Presentation
-------------
-
-The Java bindings make use of `JNA <https://jna.dev.java.net/>`__ to expose the
-C API in a Java friendly way. The bindings are based on work initiated by Toth
-Istvan.
-
-Getting it
-----------
-
-The latest versions of the libvirt Java bindings can be downloaded from:
-
--  `libvirt.org FTP server <ftp://libvirt.org/libvirt/java/>`__
--  `libvirt.org HTTP server <https://libvirt.org/sources/java/>`__
-
-A maven repository is located at https://libvirt.org/maven2/ which you can use
-to include this in your maven projects.
-
-GIT source repository
----------------------
-
-The Java bindings code source is now maintained in a
-`git <https://git-scm.com/>`__ repository available on
-`gitlab.com <https://gitlab.com/libvirt/libvirt-java/>`__:
-
-::
-
-   git clone https://gitlab.com/libvirt/libvirt-java.git
-
-Building
---------
-
-The code is built using ant, and assumes that you have the jna jar installed.
-Once you have downloaded the code you can build the code with
-
-::
-
-
-   % cd libvirt-java
-   % ant build
-
-Content
--------
-
-The bindings are articulated around a few classes in the ``org/libvirt``
-package, notably the ``Connect``, ``Domain`` and ``Network`` ones. Functions in
-the `C API <html/index.html>`__ taking ``virConnectPtr``, ``virDomainPtr`` or
-``virNetworkPtr`` as their first argument usually become methods for the
-classes, their name is just stripped from the virConnect or virDomain(Get)
-prefix and the first letter gets converted to lower case, for example the C
-functions:
-
-``int virConnectNumOfDomains (virConnectPtr conn);``
-
-``int virDomainSetMaxMemory (virDomainPtr domain, unsigned long memory);``
-
-become
-
-``virConn.numOfDomains()``
-
-``virDomain.setMaxMemory(long memory)``
-
-There is of course some functions where the mapping is less direct and using
-extra classes to map complex arguments. The
-`Javadoc <https://libvirt.org/sources/java/javadoc>`__ is available online or as
-part of a separate libvirt-java-javadoc package.
-
-So let's look at a simple example inspired from the ``test.java`` test found in
-``src`` in the source tree:
-
-::
-
-   import org.libvirt.*;
-   public class minitest {
-       public static void main(String[] args) {
-           Connect conn=null;
-           try{
-               conn = new Connect("test:///default", true);
-           } catch (LibvirtException e) {
-               System.out.println("exception caught:"+e);
-               System.out.println(e.getError());
-           }
-           try{
-               Domain testDomain=conn.domainLookupByName("test");
-               System.out.println("Domain:" + testDomain.getName() + " id " +
-                                  testDomain.getID() + " running " +
-                                  testDomain.getOSType());
-           } catch (LibvirtException e) {
-               System.out.println("exception caught:"+e);
-               System.out.println(e.getError());
-           }
-       }
-   }
-
-There is not much to comment about it, it really is a straight mapping from the
-C API, the only points to notice are:
-
--  the import of the modules in the ``org.libvirt`` package
--  getting a connection to the hypervisor, in that case using the readonly
-   access to the default test hypervisor.
--  getting an object representing the test domain using ``lookupByName``
--  if the domain is not found a LibvirtError exception will be raised
--  extracting and printing some information about the domain using various
-   methods associated to the Domain class.
-
-Maven
------
-
-Up until version 0.4.7 the Java bindings were available from the central maven
-repository.
-
-If you want to use 0.4.8 or higher, please add the following repository to your
-pom.xml
-
-::
-
-   <repositories>
-     <repository>
-       <id>libvirt-org</id>
-       <url>https://libvirt.org/maven2</url>
-     </repository>
-   </repositories>

docs/js/main.js

@@ -54,21 +54,16 @@ function advancedsearch(e) {
         }
     }
 
+    form.setAttribute("action", "https://google.com/search");
+    newq.setAttribute("name", "q");
+
     if (what == "website") {
-        form.setAttribute("action", "https://google.com/search");
-        newq.setAttribute("name", "q");
         newq.value = "site:libvirt.org " + q.value;
     } else if (what == "wiki") {
-        form.setAttribute("action", "https://wiki.libvirt.org/index.php");
-        newq.setAttribute("name", "search");
-        newq.value = q.value;
+        newq.value = "site:wiki.libvirt.org " + q.value;
     } else if (what == "devs") {
-        form.setAttribute("action", "https://google.com/search");
-        newq.setAttribute("name", "q");
         newq.value = "site:redhat.com/archives/libvir-list " + q.value;
     } else if (what == "users") {
-        form.setAttribute("action", "https://google.com/search");
-        newq.setAttribute("name", "q");
         newq.value = "site:redhat.com/archives/libvirt-users " + q.value;
     }