guestfs-release-notes-1.32(1) Virtualization Support guestfs-release-notes-1.32(1)

guestfs-release-notes - libguestfs Release Notes

These release notes only cover the differences from the previous stable/dev branch split (1.30.0). For detailed changelogs, please see the git repository, or the ChangeLog file distributed in the tarball.

New tools

The new virt-v2v-copy-to-local(1) tool is an ancillary tool for virt-v2v(1) allowing you to convert source guests that virt-v2v is unable to access directly.

New features in existing tools

Virt-customize knows how to write a random seed to CirrOS (Pino Toscano).

On Fedora, virt-customize runs dnf(8) with the --best flag, ensuring it always updates to the latest available packages.

Virt-builder now provides 32 bit Fedora templates.

Virt-builder and virt-customize --install option now works on 32 bit Fedora guests. Previously it would try to install 64 bit packages (Jan Sedlák).

Virt-builder can now fetch cloud images using Simple Streams v1.0 metadata (Pino Toscano).

Virt-builder can now fetch openSUSE cloud images out of the box (Cédric Bosdonnat).

Virt-customize will now use stronger (SHA-512) encrypted passwords by default on openSUSE ≥ 11 (Pino Toscano).

Virt-builder will now correctly handle output filenames containing colon characters (":"), and will create temporary files in the libguestfs cache directory instead of defaulting to /tmp (Pino Toscano).

Virt-resize has a new --unknown-filesystems option to control what to do when asked to resize a filesystem that libguestfs doesn't know how to resize.

Virt-v2v now has an --in-place flag/mode, allowing in-place conversion of guests (Roman Kagan).

Virt-v2v has a --compressed option for creating compressed qcow2 output files.

Virt-v2v can now correctly get the VMware datacenter path (dcPath) from libvirt, instead of having to calculate it using an algorithm that occasionally got the wrong answer (Matthias Bolte, Tingting Zheng).

Virt-v2v now processes RAM sizes correctly for 64 bit guests when running on a 32 bit host.

Language bindings

In Perl and Python programs, the "get_program_name" API now returns the true program name, instead of the incorrect string "perl" or "python".

The Python bindings can now be compiled against a different version of libguestfs, allowing the pip module to be built against any version of libguestfs (instead of requiring the pip module and libguestfs to have exactly the same version).

The quality of the Ruby rdoc (documentation) has been improved (Pino Toscano).

Perl scripts no longer hard-code the location of perl in the shebang line, but use env(1) to locate it instead (Pino Toscano).

In OCaml programs, the guestfs handle was incorrectly made into a global root, meaning it could never be garbage collected. If you didn't call the "close" function explicitly, the handle would not be closed until the whole program exited. This has now been fixed so handles will be garbage collected in the usual way. This changes the API of the OCaml function "Guestfs.event_callback". Note that non-C language bindings are not covered by the libguestfs API/ABI guarantee, although we try hard not to change them, but in this case it was essential in order to fix this very serious bug.

Inspection

Alpine Linux and the APK package manager, ALT Linux, Frugalware, and PLD Linux are now recognized (Pino Toscano).

If it exists, /etc/os-release will be preferred for inspecting Linux guests (Pino Toscano).

The correct kernel version is returned for Windows guests ≥ 10.

Documentation

The large guestfs(3) man page has been split into several separate man pages: guestfs-hacking(1) guestfs-internals(1) guestfs-security(1). In the source tree, a new docs directory contains this documentation.

Architectures and platforms

Libguestfs now supports ARM 64 bit platforms with vGICv3.

See also guestfs-security(1).

"CVE-2015-5745"
https://bugzilla.redhat.com/1251157

This is not a vulnerability in libguestfs, but because we always give a virtio-serial port to each guest (since that is how guest-host communication happens), an escalation from the appliance to the host qemu process is possible. This could affect you if:

  • your libguestfs program runs untrusted programs out of the guest (using "guestfs_sh" etc), or
  • another exploit was found in (for example) kernel filesystem code that allowed a malformed filesystem to take over the appliance.

If you use sVirt to confine qemu, that would thwart some attacks.

https://bugzilla.redhat.com/1260778.

Previously when asked to inject an SSH key into a guest, virt-customize (hence virt-builder too) would create the .ssh directory and .ssh/authorized_keys file with too broad permissions, allowing other users to read. They are now created as 0700 and 0600 respectively, which is the same as the ssh-copy-id(1) utility.

New APIs

"guestfs_get_identifier"
"guestfs_set_identifier"
Get/set a per-handle identifier. The main effect of this is to change trace output from: 
libguestfs: trace: foo

to:

libguestfs: trace: ID: foo

making it easier to follow traces in multi-threaded programs, or where a program uses multiple handles (especially virt-v2v).

"guestfs_vfs_minimum_size"
Return the minimum size of a filesystem (when shrunk). This supports ext2/3/4, XFS and btrfs, and can support other filesystem types in future (Maxim Perevedentsev).

Other API changes

"guestfs_disk_create": add "preallocation" = "off"/"metadata"/"full".
For raw, this allows "off" as a synonym for "sparse" (making it consistent with qcow2). For qcow2, this allows "sparse" as a synonym for "off".

It also adds "full", which corresponds to fully allocated, but uses posix_fallocate(3) for efficiency.

"guestfs_tar_in": new "xattrs", "selinux", "acl" parameters.
"guestfs_tar_out": new "xattrs", "selinux", "acl" parameters.
These extra parameters control whether extended attributes, SELinux contexts and/or POSIX ACLs are restored from / saved to tarballs.
"guestfs_add_drive"
The existing "username" and "secret" parameters can be used to supply authentication for iSCSI (Pino Toscano).

The "./configure --enable-valgrind-daemon" option has been removed.

You can no longer build libguestfs on RHEL 5-era (c.2007) machines. See the "oldlinux" branch if you need (limited) RHEL 5 support.

Virt-p2v can now be built on RHEL 6-era (c.2010) Linux distros.

OCaml ≥ 3.11 (released in 2008) is now required to build from git.

Building the Perl bindings now requires "Module::Build" (instead of "ExtUtils::MakeMaker").

Builds should be faster (especially when incrementally rebuilding), because work was done to reduce build times.

Both OCaml and the OCaml findlib module are required if you need to run the generator at build time. Previously the build would have failed if findlib was not installed.

"make check" tests now run in parallel (within each test directory).

"make install" no longer installs OCaml bindtests.* files incorrectly.

"make install" can now be run twice. Previously it would fail on the second run.

"make clean" should now remove nearly every file that "make" creates.

A new "make installcheck" rule has been added, allowing the installed copy of libguestfs to be tested.

Some effort was put into minimizing the size of the appliance, which reduces temporary disk space and time needed by libguestfs handles.

The appliance now passes the NIC name to dhcpd, fixing hangs when running the appliance on some distros (Cédric Bosdonnat).

OCaml "Guestfs.Errno" is now generated (Pino Toscano).

In OCaml tools, common code now handles --debug-gc, --verbose and other common options (Roman Kagan, Pino Toscano).

The virt-v2v test harness allows us to boot the test guests at fixed dates in the past, ensuring that Windows reactivation doesn't kick in.

There is a new internal API for reading/writing a subprocess via a pipe from library code.

Used "deheader" program to remove unused "#include" directives.

In OCaml tools, the "Char" and "String" modules now implicitly reference the "Common_utils.Char" and "Common_utils.String" modules (instead of the ones from stdlib). The "Common_utils" modules contain a number of extra char/string utility functions, and also hide some unsafe functions in stdlib.

Many more virt-v2v tests will now be run even if you don't have rhsrvany and virtio-win installed (Roman Kagan).

The huge configure.ac file has been split into several smaller files called m4/guestfs_*.m4.

The old tests/data and tests/guests directories have been moved to test-data/. This new top level directory carries all test data which is common, large and/or shared between multiple tests.

There is a new top level website/ directory containing the public http://libguestfs.org website (or most of it).

The fuzz testing of inspection (tests/fuzz) has been removed.

Virt-p2v now saves the source physical machine dmesg output into the conversion server debug directory, making it simpler to debug cases of missing drivers, firmware etc.

set-label returns wrong error message when set the ext3/ext4 filesystem label
Add a Fedora 23 32-bit base image for virt-builder
virt-builder writes temporary files to /tmp
virt-resize does not copy logical partitions
virt-inspector returns version 6.3 for win10 images (should return 10.0)
virt-inspector --xpath segfault on attribute get
libguestfs can run commands with stdin not open (or worse still, connected to arbitrary guest-chosen random devices)
About compression option for qcow2
guestfish should be able to handle LVM thin layouts
DNF python programming error when run from virt-builder
inspection returns arch="unknown" for Windows guest if file command is not installed
Document permissions needed for non-admin users to use virt-v2v
RFE: virt-sparsify: make '--in-place' sparsification safe to abort (gracefully or ungracefully)
Virt-p2v client shouldn't present the vdsm option because it's not usable
virt-v2v fails to convert Windows raw image: error "device name is not a partition"
virt-builder: error: [file] is not a regular file in the guest
Simplestreams test fails: virt-builder: error: the value for the key 'size' is not an integer
guestfish copy-in command behaves oddly/unexpectedly with wildcards
python: Cannot compile pip module if installed libguestfs != pip guestfs version
Better diagnostic message when virbr0 doesn't exist
No warning shows when convert a win7 guest with AVG AntiVirus installed
virt-builder --ssh-inject doesn't set proper permissions on created files
RFE: V2V to check and warn user to disable group policy and anti virus on Windows guests
Wrong graphics protocal and video type set for guest after convert to rhev 3.6 by virt-v2v
extra slashes in vcenter URL confuses virt-v2v
[RHEV][V2V] virt-v2v ignores NIC if interface source/@network or source/@bridge is an empty string
virt-builder created Fedora 22 32bit disk image cannot be updated
virt-p2v no GUI mode:error opening control connection to $ip:22:unexpected …rompt
Option -oa preallocated -of qcow2 of virt-v2v didn't work efficiently
v2v: spaces need to be escaped as %20 in paths
Close all incoming ports on virt-p2v ISO
man virt-customize shows synopsis twice
mount-loop failed to setup loop device: No such file or directory
BUG: unable to handle kernel NULL pointer dereference at <addr> in function __blkg_lookup
virt-v2v should ignore bogus kernel entries in grub config
Unrelated info in fstab makes virt-v2v fail with unclear error info
virt-p2v: Using "Back" button causes output list to be repopulated multiple times
Wrong video driver is installed for rhel5.11 guest after conversion to libvirt
RFE: virt-builder creates qcow v3 images, add build option for qcow v2
File /etc/sysconfig/kernel isn't updated when convert XenPV guest with regular kernel installed
"lstatnslist" and "lstatlist" don't give an error if the API is used wrongly
koji spin-livecd cannot build a working live CD
mount-loop command fails: mount failed: Unknown error -1
set-label can only set <=127 bytes for btrfs and <=126 bytes for ntfs filesystem which not meet the help message. Also for ntfs it should give a warning message when the length >128 bytes
libvirt fails to shut down domain: could not destroy libvirt domain: Requested operation is not valid: domain is not running
mount-loop failed to setup loop device: No such file or directory

guestfs-examples(1), guestfs-faq(1), guestfs-performance(1), guestfs-recipes(1), guestfs-testing(1), guestfs(3), guestfish(1), http://libguestfs.org/

Richard W.M. Jones

Copyright (C) 2009-2023 Red Hat Inc.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

To get a list of bugs against libguestfs, use this link: https://bugzilla.redhat.com/buglist.cgi?component=libguestfs&product=Virtualization+Tools

To report a new bug against libguestfs, use this link: https://bugzilla.redhat.com/enter_bug.cgi?component=libguestfs&product=Virtualization+Tools

When reporting a bug, please supply:

  • The version of libguestfs.
  • Where you got libguestfs (eg. which Linux distro, compiled from source, etc)
  • Describe the bug accurately and give a way to reproduce it.
  • Run libguestfs-test-tool(1) and paste the complete, unedited output into the bug report.
2024-10-08 libguestfs-1.54.0