[libvirt] ANNOUNCE: libguestfs 1.26 released

I'm pleased to announce libguestfs 1.26, a library and set of tools for accessing and modifying virtual machine disk images. This release took more than 6 months of work by a considerable number of people, and has many new features (see release notes below). You can get libguestfs 1.26 here: Main website: http://libguestfs.org/ Source: http://libguestfs.org/download/1.26-stable/ You will also need latest supermin from here: http://libguestfs.org/download/supermin/ Fedora 20/21: http://koji.fedoraproject.org/koji/packageinfo?packageID=8391 It will appear as an update for F20 in about a week. Debian/experimental coming soon, see: https://packages.debian.org/experimental/libguestfs0 The Fedora and Debian packages have split dependencies so you can download just the features you need. RELEASE NOTES FOR LIBGUESTFS 1.26 New features Tools virt-customize(1) is a new tool for customizing virtual machine disk images. It lets you install packages, edit configuration files, run scripts, set passwords and so on. virt-builder(1) and virt-sysprep(1) use virt-customize, and command line options across all these tools are now identical. virt-diff(1) is a new tool for showing the differences between the filesystems of two virtual machines. It is mainly useful when showing what files have been changed between snapshots. virt-builder(1) has been greatly enhanced. There are many more ways to customize the virtual machine. It can pull templates from multiple repositories. A parallelized internal xzcat implementation speeds up template decompression. Virt-builder uses an optimizing planner to choose the fastest way to build the VM. It is now easier to use virt-builder from other programs. Internationalization support has been added to metadata. More efficient SELinux relabelling of files. Can build guests for multiple architectures. Error messages have been improved. (Pino Toscano) virt-sparsify(1) has a new --in-place option. This sparsifies an image in place (without copying it) and is also much faster. (Lots of help provided by Paolo Bonzini) virt-sysprep(1) can delete and scrub files under user control. You can lock user accounts or set random passwords on accounts. Can remove more log files. Can unsubscribe a guest from Red Hat Subscription Manager. New flexible way to enable and disable operations. (Wanlong Gao, Pino Toscano) virt-win-reg(1) allows you to use URIs to specify remote disk images. virt-format(1) can now pass the extra space that it recovers back to the host. guestfish(1) has additional environment variables to give fine control over the ><fs> prompt. Guestfish reads its (rarely used) configuration file in a different order now so that local settings override global settings. (Pino Toscano) virt-make-fs(1) was rewritten in C, but is unchanged in terms of functionality and command line usage. Language bindings The OCaml bindings have a new Guestfs.Errno module, used to check the error number returned by Guestfs.last_errno. PHP tests now work. (Pino Toscano) Inspection Inspection can recognize Debian live images. Architectures ARMv7 (32 bit) now supports KVM acceleration. Aarch64 (ARM 64 bit) is supported, but the appliance part does not work yet. PPC64 support has been fixed and enhanced. Security Denial of service when inspecting disk images with corrupt btrfs volumes It was possible to crash libguestfs (and programs that use libguestfs as a library) by presenting a disk image containing a corrupt btrfs volume. This was caused by a NULL pointer dereference causing a denial of service, and is not thought to be exploitable any further. See commit d70ceb4cbea165c960710576efac5a5716055486 for the fix. This fix is included in libguestfs stable branches ≥ 1.26.0, ≥ 1.24.6 and ≥ 1.22.8, and also in RHEL ≥ 7.0. Earlier versions of libguestfs are not vulnerable. Better generation of random root passwords and random seeds When generating random root passwords and random seeds, two bugs were fixed which are possibly security related. Firstly we no longer read excessive bytes from /dev/urandom (most of which were just thrown away). Secondly we changed the code to avoid modulo bias. These issues were not thought to be exploitable. (Both changes suggested by Edwin Török) API GUID parameters are now validated when they are passed to API calls, whereas previously you could have passed any string. (Pino Toscano) New APIs guestfs_add_drive_opts: new discard parameter The new discard parameter allows fine-grained control over discard/trim support for a particular disk. This allows the host file to become more sparse (or thin-provisioned) when you delete files or issue the guestfs_fstrim API call. guestfs_add_domain: new parameters: cachemode, discard These parameters are passed through when adding the domain's disks. guestfs_blkdiscard Discard all blocks on a guestfs device. Combined with the discard parameter above, this makes the host file sparse. guestfs_blkdiscardzeroes Test if discarded blocks read back as zeroes. guestfs_compare_* guestfs_copy_* For each struct returned through the API, libguestfs now generates guestfs_compare_* and guestfs_copy_* functions to allow you to compare and copy structs. guestfs_copy_attributes Copy attributes (like permissions, xattrs, ownership) from one file to another. (Pino Toscano) guestfs_disk_create A flexible API for creating empty disk images from scratch. This avoids the need to call out to external programs like qemu-img(1). guestfs_get_backend_settings guestfs_set_backend_settings Per-backend settings (can also be set via the environment variable LIBGUESTFS_BACKEND_SETTINGS). The main use for this is forcing TCG mode in the qemu-based backends, for example: export LIBGUESTFS_BACKEND=direct export LIBGUESTFS_BACKEND_SETTINGS=force_tcg guestfs_part_get_name Get the label or name of a partition (for GPT disk images). Build changes The following extra packages are required to build libguestfs 1.26: supermin ≥ 5 Supermin version 5 is required to build this version of libguestfs. flex, bison Virt-builder now uses a real parser to parse its metadata file, so these tools are required. xz This is now a required build dependency, where previously it was (in theory) optional. Internals PO message extraction rewritten to be more robust. (Pino Toscano) podwrapper gives an error if the --insert or --verbatim argument pattern is not found. Libguestfs now passes the qemu -enable-fips option to enable FIPS, if qemu supports it. ./configure --without-qemu can be used if you don't want to specify a default hypervisor. Copy-on-write [COW] overlays, used for example for read-only drives, are now created through an internal backend API (.create_cow_overlay). Libvirt backend uses some funky C macros to generate XML. These are simpler and safer. The ChangeLog file format has changed. It is now just the same as git log, instead of using a custom format. Appliance start-up has changed: * The libguestfs appliance now initializes LVM the same way as it is done on physical machines. * The libguestfs appliance does not write an empty string to /proc/sys/kernel/hotplug when starting up. Note that you must configure your kernel to have CONFIG_UEVENT_HELPER_PATH="" otherwise you will get strange LVM errors (this applies as much to any Linux machine, not just libguestfs). (Peter Rajnoha) Libguestfs can now be built on arches that have ocamlc(1) but not ocamlopt(1). (Hilko Bengen, Olaf Hering) You cannot use ./configure --disable-daemon --enable-appliance. It made no sense anyway. Now it is expressly forbidden by the configure script. The packagelist file uses m4 for macro expansion instead of cpp. Bugs fixed https://bugzilla.redhat.com/1073906 java bindings inspect_list_applications2 throws java.lang.ArrayIndexOutOfBoundsException: https://bugzilla.redhat.com/1063374 [RFE] enable subscription manager clean or unregister operation to sysprep https://bugzilla.redhat.com/1060404 virt-resize does not preserve GPT partition names https://bugzilla.redhat.com/1057504 mount-local should give a clearer error if root is not mounted https://bugzilla.redhat.com/1056290 virt-sparsify overwrites block devices if used as output files https://bugzilla.redhat.com/1055452 libguestfs: error: invalid backend: appliance https://bugzilla.redhat.com/1054761 guestfs_pvs prints "unknown device" if a physical volume is missing https://bugzilla.redhat.com/1053847 Recommended default clock/timer settings https://bugzilla.redhat.com/1046509 ruby-libguestfs throws "expecting 0 or 1 arguments" on Guestfs::Guestfs.new https://bugzilla.redhat.com/1045450 Cannot inspect cirros 0.3.1 disk image fully https://bugzilla.redhat.com/1045033 LIBVIRT_DEFAULT_URI=qemu:///system breaks libguestfs https://bugzilla.redhat.com/1044585 virt-builder network (eg. --install) doesn't work if resolv.conf sets nameserver 127.0.0.1 https://bugzilla.redhat.com/1044014 When SSSD is installed, libvirt configuration requires authentication, but not clear to user https://bugzilla.redhat.com/1039995 virt-make-fs fails making fat/vfat whole disk: Device partition expected, not making filesystem on entire device '/dev/sda' (use -I to override) https://bugzilla.redhat.com/1039540 virt-sysprep to delete more logfiles https://bugzilla.redhat.com/1033207 RFE: libguestfs inspection does not recognize Free4NAS live CD https://bugzilla.redhat.com/1028660 RFE: virt-sysprep/virt-builder should have an option to lock a user account https://bugzilla.redhat.com/1026688 libguestfs fails examining libvirt guest with ceph drives: rbd: image name must begin with a '/' https://bugzilla.redhat.com/1022431 virt-builder fails if $HOME/.cache doesn't exist https://bugzilla.redhat.com/1022184 libguestfs: do not use versioned jar file https://bugzilla.redhat.com/1020806 All libguestfs LVM operations fail on Debian/Ubuntu https://bugzilla.redhat.com/1008417 Need update helpout of part-set-gpt-type https://bugzilla.redhat.com/953907 virt-sysprep does not correctly set the hostname on Debian/Ubuntu https://bugzilla.redhat.com/923355 guestfish prints literal "\n" in error messages https://bugzilla.redhat.com/660687 guestmount: "touch" command fails: touch: setting times of `timestamp': Invalid argument https://bugzilla.redhat.com/593511 [RFE] function to get partition name https://bugzilla.redhat.com/563450 list-devices returns devices of different types out of order --- Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into KVM guests. http://libguestfs.org/virt-v2v