[virt-tools-list] ANNOUNCE: libguestfs 1.34 released
Richard W.M. Jones
rjones at redhat.com
Mon Aug 8 19:50:50 UTC 2016
I'm pleased to announce libguestfs 1.34, a library and set of tools
for accessing and modifying virtual machine disk images.
This release took about 8 months of work by many contributors.
Amongst the new features are large performance improvements,
substantial enhancements to virt-p2v & virt-v2v, better SELinux
support, and APIs for doing forensic analysis of disk images. See the
release notes below for full details.
You can get libguestfs 1.34 here:
Main website: http://libguestfs.org/
Source: http://libguestfs.org/download/1.34-stable/
Fedora 24: http://koji.fedoraproject.org/koji/packageinfo?packageID=8391
It will appear as an update for F24 in about a week.
Fedora 25: (blocked on RHBZ#1365270)
Debian/experimental: https://packages.debian.org/libguestfs0
Rich.
Release notes (also available online at
http://libguestfs.org/guestfs-release-notes.1.html ):
New features
Multiple performance enhancements were made in libguestfs. The "hot
cache" time to launch to appliance should be under 1 second assuming
recent qemu and kernel are installed. There are also new utilities for
precisely benchmarking libguestfs (utils/boot-benchmark and
utils/boot-analysis in the source tree).
The virt-p2v tool for converting physical machines to virtual machines
was substantially improved. This includes: clearer, coloured output
during conversions, support for Gtk 3, more detailed information about
hardware, click to identify network interfaces, more debugging tools
included with the ISO, and many bug fixes.
f2fs (Flash Friendly File System) is now supported (Pino Toscano).
New tools
virt-p2v-make-kiwi(1) can be used to build the virt-p2v ISO based on
SLES and openSUSE, using the kiwi utility (Cédric Bosdonnat).
New features in existing tools
virt-resize will now preserve the GPT GUID. This was required for
Windows Server 2012 R2, where the bootloader would become confused if
the GUID changed (Maxim Perevedentsev).
virt-resize will use sparse copying for (old MBR-style) extended
partitions. This makes resizing of guests that use extended partitions
much faster (Maxim Perevedentsev).
virt-p2v kernel command line options can now be used to set defaults
for GUI configuration.
The virt-p2v debugging options have been completely removed,
simplifying the interface and documentation. Debugging information is
now captured fully automatically.
virt-p2v-make-disk lets you specify an --arch option, allowing you to
build a 32 bit virt-p2v, for compatibility with older systems.
virt-p2v-make-disk no longer requires that you specify an "os-version"
for the virt-p2v disk. If omitted it will try to choose a suitable
"os-version" depending on your host system.
virt-p2v-make-disk and virt-p2v-make-kickstart both gain a new
--install option that allows you to add arbitrary extra packages to the
virt-p2v ISO, for customization, additional debugging tools and so on.
virt-v2v will now uninstall Parallels Tools (or the equivalent
Virtuozzo Tools) from Linux guests. Also stop the Windows drivers from
loading at boot. (Roman Kagan and Pavel Butsykin)
virt-v2v --in-place mode has been enhanced to allow the caller to
choose whether or not to install certain virtio drivers in the guest
(Roman Kagan).
virt-v2v conversion of Windows guests was substantially rewritten and
simplified (Roman Kagan).
virt-v2v --in-place mode now supports installing virtio-scsi drivers in
guests (Roman Kagan).
virt-v2v can now convert SUSE guests and SUSE guests using UEFI (Cédric
Bosdonnat and Jim Fehlig).
virt-v2v can now convert guests to Glance that have multiple disks.
Previously it would fail on such guests.
The virt-v2v --no-trim and --vmtype options are now no-ops. They will
print a warning but are otherwise ignored. virt-v2v can now generate
the OVF vmtype correctly without user intervention.
virt-v2v has now been tested against Citrix Xen as a source hypervisor
(Cédric Bosdonnat).
virt-v2v adds support for SUSE VMDP drivers (Cédric Bosdonnat).
virt-v2v can convert OVA files containing subfolders, as produced by
SUSE Studio (Cédric Bosdonnat).
virt-v2v sets the OVF "<Origin>" element correctly. oVirt has been
extended to support more source hypervisors (Shahar Havivi).
virt-v2v now supports Windows Server 2016 (Tomáš Golembiovský).
The virt-builder --list option can now be used to show all templates or
a single template (Pino Toscano).
All OCaml-based tools now use getopt_long(3) for option parsing, and
--help output has been improved (Pino Toscano).
virt-builder and virt-customize --selinux-relabel option can now fully
relabel the guest filesystem at build time, without requiring a lengthy
autorelabel at first boot.
virt-customize --delete now accepts globs.
New virt-customize --uninstall option lets you uninstall packages.
virt-customize can now use "pvvxsvc" as an alternative to "rhsrvany"
for running firstboot scripts in Windows guests (Cédric Bosdonnat).
virt-customize now uses the strongest hashing scheme for passwords on
Arch and Void Linux (Pino Toscano).
virt-customize --install now works correctly on Arch (Pino Toscano).
virt-inspector has new options --no-applications and --no-icon to
prevent the list of applications and icon from being included in the
XML output (Pino Toscano).
New virt-sysprep --network option has been added, allowing you to
actually use the --install etc options which were present in virt-
sysprep before but did not usually work. Note that the network is
still disabled by default.
virt-sysprep "fs-uuids" operation no longer fails on btrfs guests
(Maxim Perevedentsev).
virt-dib can output Docker images (Pino Toscano).
virt-dib has a new --drive-format option to allow the user to specify
the format of the helper drive (Pino Toscano).
All OCaml virt tools now have a --colors/--colours option which enables
coloured output (using ANSI escape sequences) even if the output is not
a tty. The default is to check if the output is a tty and disable
coloured output if not. This allows coloured output to be consumed by
other tools.
Language bindings
PHP test coverage has been enhanced (Pino Toscano).
PHP 7 is now supported (Pino Toscano).
Python bindings are now compliant with PEP 8 (Pino Toscano).
A Python pip package is available in
http://libguestfs.org/download/python/
The Ruby bindings now print the full exception if one is thrown by the
event callback. Note this is still incorrect behaviour as event
callbacks should not throw exceptions, but it aids debugging.
All OCaml libraries and programs are now compiled with -safe-string, if
supported by the OCaml compiler.
Inspection
Alpine Linux using busybox can now be inspected. Also the APK package
manager is supported in virt-customize (Pino Toscano).
We now handle inspection of Mageia 4 (Pino Toscano).
Void Linux and the Void Linux xbps package manager are fully supported
(Pino Toscano).
Parsing of CoreOS version information has been enhanced (Pino Toscano).
It is now possible to get an icon from ALT Linux (Pino Toscano).
PLD Linux versions < 3 are now recognized (Pino Toscano).
Windows drive letters are now returned for guests using GPT partitions
(Dawid Zamirski).
We can now correctly inspect Unix guests that do not have an /etc/fstab
file (Pino Toscano).
Added another source for the Ubuntu icon which doesn't rely on GNOME
having been installed in the guest.
We can now get an icon for Windows 7 64 bit guests.
Libosinfo integration was rewritten to deal with the new database
format used by osinfo (Pino Toscano).
Documentation
New manual page guestfs-building(1) describes how to build libguestfs
from source.
The man pages, tools and tool --help output is now automatically
checked to ensure that all tool options are properly documented, that
warning sections are included where necessary, and that every page has
a description section.
The guestfs-testing(1) man page has been refreshed and based on a newer
libguestfs.
Architectures and platforms
virt-customize now works on POWER7 and POWER8 platforms, both big
endian and little endian (Xianghua Chen and Hu Zhang).
Security
See also guestfs-security(1).
CVE-2015-8869
https://bugzilla.redhat.com/CVE-2015-8869
This vulnerability in OCaml might affect virt tools written in the
OCaml programming language. It affects only 64 bit platforms. Because
this bug affects code generation it is difficult to predict which
precise software could be affected, and therefore our recommendation is
that you recompile libguestfs using a version of the OCaml compiler
where this bug has been fixed (or ask your Linux distro to do the
same).
virt-customize ownership of .ssh, .ssh/authorized_keys
https://bugzilla.redhat.com/1337561
Previously when virt-customize injected an SSH key into a guest, when
it created the ~/.ssh and ~/.ssh/authorized_keys directory and file (in
case they were missing) it created them with owner and group
"root.root". This has been fixed so the correct user is used. This is
not thought to have been exploitable.
Windows "%systemroot%"
The inspection code has been made more robust against guests which
might use very long "%systemroot%" (derived from the guest-controlled
Windows Registry). This is not thought to have been exploitable.
Virtio-rng is now available in the appliance
virtio-rng (the virtual Random Number Generator device) is now passed
to the appliance, which should improve the quality random numbers
generated for GUIDs and cryptographic key generation.
API
New APIs
"btrfs_filesystem_show"
List all devices where a btrfs filesystem is spanned (Pino
Toscano).
"download_blocks"
"download_inode"
"filesystem_walk"
Download filesystem data blocks from a given partition. Download
arbitrary files by inode number. Retrieve all files from a
filesystem including deleted files.
Note these require optional dependency The Sleuth Kit. (Matteo
Cafasso)
"get_sockdir"
Read the path where temporary sockets are stored (Pino Toscano).
"mountable_device"
"mountable_subvolume"
Split a Mountable into device name and subvolume (Cédric
Bosdonnat).
"ntfscat_i"
Download NTFS file by inode number (Matteo Cafasso).
"part_expand_gpt"
Allow in-place expanding of GPT partitions by moving the second
(backup) partition table to the end of the disk (Maxim
Perevedentsev).
"part_get_disk_guid"
"part_set_disk_guid"
"part_set_disk_guid_random"
Get and set the GPT disk GUID, or set it to a fresh random value
(Maxim Perevedentsev).
"selinux_relabel"
SELinux-relabel part or all of the guest filesystem.
Other API changes
"guestfs_set_selinux", "guestfs_get_selinux", "guestfs_setcon",
"guestfs_getcon" and "guestfs_llz" have been deprecated. Use the new
API "guestfs_selinux_relabel" to relabel filesystems. Use
"guestfs_lgetxattrs" to list the "security.selinux" extended attributes
of existing files.
"guestfs_vfs_minimum_size" can now be used on dirty filesystems (Maxim
Perevedentsev).
"guestfs_ll" now works on paths which contain absolute symlinks (Pino
Toscano).
"guestfs_glob_expand" now has an optional "directoryslash" boolean
parameter which controls whether trailing slashes are returned for
directory names (Pino Toscano).
"guestfs_lvs" will no longer return LVs which have the "activationskip"
flag set. The reason is that such LVs have no "/dev/VG/LV" device node
and so code which read the list of LVs and then probed the devices
themselves would immediately fail. You can use "guestfs_lvs_full" if
you want to read all LVs. (Pino Toscano).
"guestfs_list_disk_labels" now no longer fails if no disks with labels
were added. Instead it now returns an empty list (Pino Toscano).
"guestfs_is_lv" no longer fails if passed a btrfs subvolume, it returns
false instead (Maxim Perevedentsev).
Build changes
qemu ≥ 1.3.0 is required.
yajl (a JSON parsing library) is required to build libguestfs.
You can now build with GCC 6.
"make check-valgrind" now has substantially better coverage.
"make check-slow" now works again.
Use "make -C appliance clean-supermin-appliance" to clean the supermin
appliance (it will be rebuilt on next "make").
There are a variety of new rules for running virt-p2v from the source
directory: "make -C p2v run-virt-p2v-directly" | "run-virt-p2v-in-a-vm"
| "run-virt-p2v-non-gui-conversion". These are documented further in
guestfs-hacking(1).
virt-p2v may be built using either Gtk 2 or Gtk 3. To force a
particular version of Gtk to be used, "./configure --with-gtk=2|3"
The "./configure" options are now mostly documented in
guestfs-building(1).
Internals
In git, versions are now tagged with "v1.XX.YY" (previously they were
tagged with "1.XX.YY"). Using the "v-" prefix is more common in git
repositories.
When using the libvirt backend, we now wait for qemu to exit gracefully
instead of killing it after 15 seconds. This helps when writing to
slow devices (especially cheap USB keys).
Error messages from libvirt now include the "err->int1" field which
usually contains the "errno".
On ARM, all DTB (device tree) code has been removed. qemu creates the
right device tree on the fly, we do not need to specify one.
The C API tests now use larger test disks, allowing BTRFS to be tested
properly (Pino Toscano).
The tests should now work on a pure Python 3 host (Pino Toscano).
In C bindings, internal functions are now (mostly) consistently named
"guestfs_int_*" whereas previously there was no consistent scheme.
The old "safe_malloc" etc functions are now no longer exported by the
library, nor used in language bindings.
Setting TMPDIR to a path longer than ~ 100 characters will no longer
cause libguestfs to fail silently and randomly when creating Unix
domain sockets (Pino Toscano).
The "COMPILE_REGEXP" macro can now be used in the daemon.
When tracing, results containing structs are now printed in full (Pino
Toscano).
The Perl "Sys::Guestfs" module now no longer embeds an incrementing API
"version number". This module is now always at phony version "1.0".
To find the real version of libguestfs from Perl you must call
"$g->version".
All code is compiled with "-Wstack-usage=10000" and multiple changes
have been made to remove stack allocation of large strings and buffers.
The error(3) function is now used everywhere, replacing most previous
uses of perror(3) + exit(3), and fprintf(3) + exit.
In C code, "/**" comments are turned into documentation which is
automatically added to the guestfs-hacking(1) manual page.
A safe "getumask" function has been added. For recent Linux kernels
this uses the newly added "Umask" field in /proc/self/status. For
older Linux and other Unix, this uses a thread-safe technique involving
fork(2) (thanks: Josh Stone, Jiri Jaburek, Eric Blake).
Safe posix_fadvise(2) wrappers have been added, and more hints have
been added to the code which may make a minor difference to
performance.
A safe wrapper around waitpid(2) has been added which handles "INTR"
properly.
"podwrapper.pl" (used to generate the manual pages) now stops if any
POD error is found. A new script called "podcheck.pl" does cross-
checking of --help output, tool options and manual pages.
All version numbers in the library (eg. versions of qemu, versions of
libvirt, versions of guest operating systems) are unified in a single
file src/version.c (Pino Toscano).
On Windows guests, virt-customize will use the vendor-neutral path
"C:\Program Files\Guestfs\Firstboot" to store firstboot scripts.
Previously it used "C:\Program Files\Red Hat\Firstboot". This change
should be invisible to the scripts themselves. (Cédric Bosdonnat)
On Linux guests, the firstboot services generated by virt-builder
--firstboot etc have been renamed to "guestfs-firstboot" (Pino
Toscano).
There is now a common "debug" function used by all OCaml tools,
replacing previous code which did "if verbose () then printf ...".
virt-p2v copies files it needs over to the virt-v2v conversion server
using scp(1), instead of trying to send them via the shell session.
This should improve reliability and should be a completely transparent
to end users.
All code in mllib is now built into a single "mllib.cma" or
"mllib.cmxa" library. All code in customize is now built into a single
"customize.cma" or "customize.cmxa" library. This simplifies the build
of the OCaml tools.
lvmetad(8) is now used in the appliance when available (Pino Toscano).
"Silent rules" are used for OCaml, Java, Erlang and POD. Use "make
V=1" to see the full command lines again (Pino Toscano).
Bugs fixed
https://bugzilla.redhat.com/1364347
virt-sparsify --in-place failed with UEFI system
https://bugzilla.redhat.com/1362357
run_command runs exit handlers when execve fails (e.g. due to
missing executable)
https://bugzilla.redhat.com/1362354
virt-dib failed to create image using DIB_YUM_REPO_CONF
https://bugzilla.redhat.com/1359652
Fail to inspect Windows ISO file
https://bugzilla.redhat.com/1358142
Some info will show when convert guest to libvirt by virt-v2v with
parameter --quiet
https://bugzilla.redhat.com/1354335
overlay of disk images does not specify the format of the backing
file
https://bugzilla.redhat.com/1352761
Virt-manager can't show OS icons of win7/win8/ubuntu guest.
https://bugzilla.redhat.com/1350363
Improve error info "remote server timeout unexpectedly waiting for
password prompt" when connect to a bogus server at p2v client
https://bugzilla.redhat.com/1348900
virt-p2v should update error prompt when 'Test connection' with a
non-existing user in conversion server
https://bugzilla.redhat.com/1345813
virt-sysprep --install always failed to install the packages
specified
https://bugzilla.redhat.com/1345809
virt-customize --truncate-recursive should give an error message
when specifying a no-existing path
https://bugzilla.redhat.com/1343423
[RFE]Should give a better description about 'curl error 22' when
failed using ssh identity http url at p2v client
https://bugzilla.redhat.com/1343414
Failed SSH to conversion server by ssh identity http url at p2v
client
https://bugzilla.redhat.com/1343375
[RFE] uninstall packages inside the VM
https://bugzilla.redhat.com/1342447
Ifconfig command is not supported on p2v client
https://bugzilla.redhat.com/1342398
Convert a guest from RHEL by virt-v2v but its origin info shows
RHEV at rhevm
https://bugzilla.redhat.com/1342337
Should remind a warning about disk image has a partition when using
virt-p2v-make-disk
https://bugzilla.redhat.com/1341984
virt-get-kernel prompts an 'invalid value' error when using
--format auto
https://bugzilla.redhat.com/1341564
virt-p2v spinner should be hidden when it stops spinning
https://bugzilla.redhat.com/1340809
Testing connection timeout when input regular user of conversion
server with checked "use sudo......"button
https://bugzilla.redhat.com/1340464
[RFE] Suggestion give user a reminder for "Cancel conversion"
button
https://bugzilla.redhat.com/1340407
Multiple network ports will not be aligned at p2v client
https://bugzilla.redhat.com/1338083
Update UEFI whitelist for official fedora packages
https://bugzilla.redhat.com/1337561
virt-customize --ssh-inject not applying correct file permission
https://bugzilla.redhat.com/1335671
extra quotes around UUID confuses findfs in RHEL (but not in
Fedora)
https://bugzilla.redhat.com/1332025
Inspection does not parse /etc/redhat-release containing "Derived
from Red Hat Enterprise Linux 7.1 (Source)"
https://bugzilla.redhat.com/1327488
RFE: Allow p2v kernel options without p2v.server to set defaults
https://bugzilla.redhat.com/1325825
virt-v2v should prevent using multiple '-b' and '-n' option appears
on the command line
https://bugzilla.redhat.com/1321620
libguestfs: error: could not parse integer in version number: 7"
https://bugzilla.redhat.com/1321338
[1.33.16] Compilation Error: Unbound value List.sort_uniq in v2v.ml
line 988, characters 10-24:
https://bugzilla.redhat.com/1317843
`virt-builder --update` fails with: "dnf -y --best upgrade: command
exited with an error"
https://bugzilla.redhat.com/1316479
v2v cmd cannot exit and "block I/O error in device 'appliance': No
space left on device (28)" is printed when specified "-v -x"
https://bugzilla.redhat.com/1316041
virt-rescue fails, but missing error message
https://bugzilla.redhat.com/1314244
RFE: virt-p2v log window should process colour escapes and
backspaces
https://bugzilla.redhat.com/1312254
virt-v2v -o libvirt doesn't preserve or use correct <graphics
type="vnc|spice">
https://bugzilla.redhat.com/1309706
error: internal error: Invalid floppy device name: hdb
https://bugzilla.redhat.com/1309619
Wrong warning info "use standard VGA" shows when converting windows
> 7 by virt-v2v
https://bugzilla.redhat.com/1309580
OS name of win8.1 x64 guest shows incorrect in rhevm3.6 general
info
https://bugzilla.redhat.com/1308769
virt-v2v does not copy additional disks to Glance
https://bugzilla.redhat.com/1306666
Failure when disk contains an LV with activationskip=y
https://bugzilla.redhat.com/1296606
virt-v2v doesn't remove VirtualBox additions correctly because of
file quoting
https://bugzilla.redhat.com/1293527
There should be a reminder to avoid user to edit a guest image by
multiple tools at the same time in guestfish man page
https://bugzilla.redhat.com/1293276
guestfish can not ll a symbolic link dir or edit a file in it
https://bugzilla.redhat.com/1278878
guestfish should be able to handle LVM thin layouts
https://bugzilla.redhat.com/1264835
ppc64le: virt-customize --install fail to detect the guest arch
https://bugzilla.redhat.com/1264332
Test that trimming in virt-v2v doesn't regress
https://bugzilla.redhat.com/1232192
Virt-v2v gives an error on a blank disk: part_get_parttype: unknown
signature, of the output: BYT;
https://bugzilla.redhat.com/1229386
virt-p2v in non-GUI mode doesn't show any conversion progress or
status
https://bugzilla.redhat.com/1227599
P2V invalid password prints unexpected end of file waiting for
command prompt.
https://bugzilla.redhat.com/1224795
On Ubuntu, virt-builder --install and --update cannot use the
network
https://bugzilla.redhat.com/1213324
virt-v2v: warning: unknown guest operating system: windows windows
6.3 when converting win8,win8.1,win2012,win2012R2,win10 to rhev
https://bugzilla.redhat.com/1203898
Support inspecting docker images without /etc/fstab
https://bugzilla.redhat.com/1186935
libguestfs cannot inspect recent Fedora / RHEL >= 7 when /usr is a
separate partition
https://bugzilla.redhat.com/1167916
P2V: invalid conversion server prints unexpected end of file
waiting for password prompt.
https://bugzilla.redhat.com/1152825
virt-rescue --selinux can not work well, when enable selinux in the
command line the value of 'getenforce' is still Disabled in virt-
rescue appliance
https://bugzilla.redhat.com/1150298
ARM 32 bit on Ubuntu: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
https://bugzilla.redhat.com/1089100
NetworkManager avc unlink denied for resolv.conf after using
--selinux-relabel
https://bugzilla.redhat.com/983969
RFE: virt-sysprep should be SELinux-aware
https://bugzilla.redhat.com/855058
RFE: virt-p2v: display more information about storage devices
https://bugzilla.redhat.com/554829
SELinux handling could be done better.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
More information about the virt-tools-list
mailing list