guestfs-release-notes - libguestfs Release Notes
These release notes only cover the differences from the previous stable/dev branch split (1.30.0). For detailed changelogs, please see the git repository, or the ChangeLog file distributed in the tarball.
New features in existing tools
Virt-customize knows how to write a random seed to CirrOS (Pino Toscano).
On Fedora, virt-customize runs dnf(8) with the --best flag, ensuring it always updates to the latest available packages.
Virt-builder now provides 32 bit Fedora templates.
Virt-builder and virt-customize --install option now works on 32 bit Fedora guests. Previously it would try to install 64 bit packages (Jan Sedlák).
Virt-builder can now fetch cloud images using Simple Streams v1.0 metadata (Pino Toscano).
Virt-builder can now fetch openSUSE cloud images out of the box (Cédric Bosdonnat).
Virt-customize will now use stronger (SHA-512) encrypted passwords by default on openSUSE ≥ 11 (Pino Toscano).
Virt-builder will now correctly handle output filenames containing colon characters (":"), and will create temporary files in the libguestfs cache directory instead of defaulting to /tmp (Pino Toscano).
Virt-resize has a new --unknown-filesystems option to control what to do when asked to resize a filesystem that libguestfs doesn't know how to resize.
Virt-v2v now has an --in-place flag/mode, allowing in-place conversion of guests (Roman Kagan).
Virt-v2v has a --compressed option for creating compressed qcow2 output files.
Virt-v2v can now correctly get the VMware datacenter path (dcPath) from libvirt, instead of having to calculate it using an algorithm that occasionally got the wrong answer (Matthias Bolte, Tingting Zheng).
Virt-v2v now processes RAM sizes correctly for 64 bit guests when running on a 32 bit host.
In Perl and Python programs, the "get_program_name" API now returns the true program name, instead of the incorrect string "perl" or "python".
The Python bindings can now be compiled against a different version of libguestfs, allowing the pip module to be built against any version of libguestfs (instead of requiring the pip module and libguestfs to have exactly the same version).
The quality of the Ruby rdoc (documentation) has been improved (Pino Toscano).
Perl scripts no longer hard-code the location of perl in the shebang line, but use env(1) to locate it instead (Pino Toscano).
In OCaml programs, the guestfs handle was incorrectly made into a global root, meaning it could never be garbage collected. If you didn't call the "close" function explicitly, the handle would not be closed until the whole program exited. This has now been fixed so handles will be garbage collected in the usual way. This changes the API of the OCaml function "Guestfs.event_callback". Note that non-C language bindings are not covered by the libguestfs API/ABI guarantee, although we try hard not to change them, but in this case it was essential in order to fix this very serious bug.
Alpine Linux and the APK package manager, ALT Linux, Frugalware, and PLD Linux are now recognized (Pino Toscano).
If it exists, /etc/os-release will be preferred for inspecting Linux guests (Pino Toscano).
The correct kernel version is returned for Windows guests ≥ 10.
The large guestfs(3) man page has been split into several separate man pages: guestfs-hacking(1) guestfs-internals(1) guestfs-security(1). In the source tree, a new docs directory contains this documentation.
Architectures and platforms
Libguestfs now supports ARM 64 bit platforms with vGICv3.
See also guestfs-security(1).
This is not a vulnerability in libguestfs, but because we always give a virtio-serial port to each guest (since that is how guest-host communication happens), an escalation from the appliance to the host qemu process is possible. This could affect you if:
- your libguestfs program runs untrusted programs out of the guest (using "guestfs_sh" etc), or
- another exploit was found in (for example) kernel filesystem code that allowed a malformed filesystem to take over the appliance.
If you use sVirt to confine qemu, that would thwart some attacks.
- Virt-customize permissions on .ssh, .ssh/authorized_keys
Previously when asked to inject an SSH key into a guest, virt-customize (hence virt-builder too) would create the .ssh directory and .ssh/authorized_keys file with too broad permissions, allowing other users to read. They are now created as 0700 and 0600 respectively, which is the same as the ssh-copy-id(1) utility.
- Get/set a per-handle identifier. The main effect of this is to change
trace output from:
libguestfs: trace: foo
libguestfs: trace: ID: foo
making it easier to follow traces in multi-threaded programs, or where a program uses multiple handles (especially virt-v2v).
- Return the minimum size of a filesystem (when shrunk). This supports ext2/3/4, XFS and btrfs, and can support other filesystem types in future (Maxim Perevedentsev).
Other API changes
- "guestfs_disk_create": add "preallocation" = "off"/"metadata"/"full".
- For raw, this allows "off" as a synonym
for "sparse" (making it consistent with
qcow2). For qcow2, this allows "sparse"
as a synonym for "off".
It also adds "full", which corresponds to fully allocated, but uses posix_fallocate(3) for efficiency.
- "guestfs_tar_in": new "xattrs", "selinux", "acl" parameters.
- "guestfs_tar_out": new "xattrs", "selinux", "acl" parameters.
- These extra parameters control whether extended attributes, SELinux contexts and/or POSIX ACLs are restored from / saved to tarballs.
- The existing "username" and "secret" parameters can be used to supply authentication for iSCSI (Pino Toscano).
The "./configure --enable-valgrind-daemon" option has been removed.
You can no longer build libguestfs on RHEL 5-era (c.2007) machines. See the "oldlinux" branch if you need (limited) RHEL 5 support.
Virt-p2v can now be built on RHEL 6-era (c.2010) Linux distros.
OCaml ≥ 3.11 (released in 2008) is now required to build from git.
Building the Perl bindings now requires "Module::Build" (instead of "ExtUtils::MakeMaker").
Builds should be faster (especially when incrementally rebuilding), because work was done to reduce build times.
Both OCaml and the OCaml findlib module are required if you need to run the generator at build time. Previously the build would have failed if findlib was not installed.
"make check" tests now run in parallel (within each test directory).
"make install" no longer installs OCaml bindtests.* files incorrectly.
"make install" can now be run twice. Previously it would fail on the second run.
"make clean" should now remove nearly every file that "make" creates.
A new "make installcheck" rule has been added, allowing the installed copy of libguestfs to be tested.
Some effort was put into minimizing the size of the appliance, which reduces temporary disk space and time needed by libguestfs handles.
The appliance now passes the NIC name to dhcpd, fixing hangs when running the appliance on some distros (Cédric Bosdonnat).
OCaml "Guestfs.Errno" is now generated (Pino Toscano).
In OCaml tools, common code now handles --debug-gc, --verbose and other common options (Roman Kagan, Pino Toscano).
The virt-v2v test harness allows us to boot the test guests at fixed dates in the past, ensuring that Windows reactivation doesn't kick in.
There is a new internal API for reading/writing a subprocess via a pipe from library code.
Used "deheader" program to remove unused "#include" directives.
In OCaml tools, the "Char" and "String" modules now implicitly reference the "Common_utils.Char" and "Common_utils.String" modules (instead of the ones from stdlib). The "Common_utils" modules contain a number of extra char/string utility functions, and also hide some unsafe functions in stdlib.
Many more virt-v2v tests will now be run even if you don't have rhsrvany and virtio-win installed (Roman Kagan).
The huge configure.ac file has been split into several smaller files called m4/guestfs_*.m4.
The old tests/data and tests/guests directories have been moved to test-data/. This new top level directory carries all test data which is common, large and/or shared between multiple tests.
There is a new top level website/ directory containing the public http://libguestfs.org website (or most of it).
The fuzz testing of inspection (tests/fuzz) has been removed.
Virt-p2v now saves the source physical machine dmesg output into the conversion server debug directory, making it simpler to debug cases of missing drivers, firmware etc.
- set-label returns wrong error message when set the ext3/ext4 filesystem label
- Add a Fedora 23 32-bit base image for virt-builder
- virt-builder writes temporary files to /tmp
- virt-resize does not copy logical partitions
- virt-inspector returns version 6.3 for win10 images (should return 10.0)
- virt-inspector --xpath segfault on attribute get
- libguestfs can run commands with stdin not open (or worse still, connected to arbitrary guest-chosen random devices)
- About compression option for qcow2
- guestfish should be able to handle LVM thin layouts
- DNF python programming error when run from virt-builder
- inspection returns arch="unknown" for Windows guest if file command is not installed
- Document permissions needed for non-admin users to use virt-v2v
- RFE: virt-sparsify: make '--in-place' sparsification safe to abort (gracefully or ungracefully)
- Virt-p2v client shouldn't present the vdsm option because it's not usable
- virt-v2v fails to convert Windows raw image: error "device name is not a partition"
- virt-builder: error: [file] is not a regular file in the guest
- Simplestreams test fails: virt-builder: error: the value for the key 'size' is not an integer
- guestfish copy-in command behaves oddly/unexpectedly with wildcards
- python: Cannot compile pip module if installed libguestfs != pip guestfs version
- Better diagnostic message when virbr0 doesn't exist
- No warning shows when convert a win7 guest with AVG AntiVirus installed
- virt-builder --ssh-inject doesn't set proper permissions on created files
- RFE: V2V to check and warn user to disable group policy and anti virus on Windows guests
- Wrong graphics protocal and video type set for guest after convert to rhev 3.6 by virt-v2v
- extra slashes in vcenter URL confuses virt-v2v
- [RHEV][V2V] virt-v2v ignores NIC if interface source/@network or source/@bridge is an empty string
- virt-builder created Fedora 22 32bit disk image cannot be updated
- virt-p2v no GUI mode:error opening control connection to $ip:22:unexpected …rompt
- Option -oa preallocated -of qcow2 of virt-v2v didn't work efficiently
- v2v: spaces need to be escaped as %20 in paths
- Close all incoming ports on virt-p2v ISO
- man virt-customize shows synopsis twice
- mount-loop failed to setup loop device: No such file or directory
- BUG: unable to handle kernel NULL pointer dereference at <addr> in function __blkg_lookup
- virt-v2v should ignore bogus kernel entries in grub config
- Unrelated info in fstab makes virt-v2v fail with unclear error info
- virt-p2v: Using "Back" button causes output list to be repopulated multiple times
- Wrong video driver is installed for rhel5.11 guest after conversion to libvirt
- RFE: virt-builder creates qcow v3 images, add build option for qcow v2
- File /etc/sysconfig/kernel isn't updated when convert XenPV guest with regular kernel installed
- "lstatnslist" and "lstatlist" don't give an error if the API is used wrongly
- koji spin-livecd cannot build a working live CD
- mount-loop command fails: mount failed: Unknown error -1
- set-label can only set <=127 bytes for btrfs and <=126 bytes for ntfs filesystem which not meet the help message. Also for ntfs it should give a warning message when the length >128 bytes
- libvirt fails to shut down domain: could not destroy libvirt domain: Requested operation is not valid: domain is not running
- mount-loop failed to setup loop device: No such file or directory
Richard W.M. Jones
Copyright (C) 2009-2020 Red Hat Inc.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
To get a list of bugs against libguestfs, use this link: https://bugzilla.redhat.com/buglist.cgi?component=libguestfs&product=Virtualization+Tools
To report a new bug against libguestfs, use this link: https://bugzilla.redhat.com/enter_bug.cgi?component=libguestfs&product=Virtualization+Tools
When reporting a bug, please supply:
- The version of libguestfs.
- Where you got libguestfs (eg. which Linux distro, compiled from source, etc)
- Describe the bug accurately and give a way to reproduce it.
- Run libguestfs-test-tool(1) and paste the complete, unedited output into the bug report.