I'm pleased to announce libguestfs 1.26, a library and set of tools
for accessing and modifying virtual machine disk images. This release
took more than 6 months of work by a considerable number of people,
and has many new features (see release notes below).
You can get libguestfs 1.26 here:
Main website:
http://libguestfs.org/
Source:
http://libguestfs.org/download/1.26-stable/
You will also need latest supermin from here:
http://libguestfs.org/download/supermin/
Fedora 20/21:
http://koji.fedoraproject.org/koji/packageinfo?packageID=8391
It will appear as an update for F20 in about a week.
Debian/experimental coming soon, see:
https://packages.debian.org/experimental/libguestfs0
The Fedora and Debian packages have split dependencies so you can
download just the features you need.
RELEASE NOTES FOR LIBGUESTFS 1.26
New features
Tools
virt-customize(1) is a new tool for customizing virtual machine disk
images. It lets you install packages, edit configuration files, run
scripts, set passwords and so on. virt-builder(1) and virt-sysprep(1)
use virt-customize, and command line options across all these tools are
now identical.
virt-diff(1) is a new tool for showing the differences between the
filesystems of two virtual machines. It is mainly useful when showing
what files have been changed between snapshots.
virt-builder(1) has been greatly enhanced. There are many more ways to
customize the virtual machine. It can pull templates from multiple
repositories. A parallelized internal xzcat implementation speeds up
template decompression. Virt-builder uses an optimizing planner to
choose the fastest way to build the VM. It is now easier to use
virt-builder from other programs. Internationalization support has been
added to metadata. More efficient SELinux relabelling of files. Can
build guests for multiple architectures. Error messages have been
improved. (Pino Toscano)
virt-sparsify(1) has a new --in-place option. This sparsifies an image
in place (without copying it) and is also much faster. (Lots of help
provided by Paolo Bonzini)
virt-sysprep(1) can delete and scrub files under user control. You can
lock user accounts or set random passwords on accounts. Can remove more
log files. Can unsubscribe a guest from Red Hat Subscription Manager.
New flexible way to enable and disable operations. (Wanlong Gao, Pino
Toscano)
virt-win-reg(1) allows you to use URIs to specify remote disk images.
virt-format(1) can now pass the extra space that it recovers back to
the host.
guestfish(1) has additional environment variables to give fine control
over the ><fs> prompt. Guestfish reads its (rarely used) configuration
file in a different order now so that local settings override global
settings. (Pino Toscano)
virt-make-fs(1) was rewritten in C, but is unchanged in terms of
functionality and command line usage.
Language bindings
The OCaml bindings have a new Guestfs.Errno module, used to check the
error number returned by Guestfs.last_errno.
PHP tests now work. (Pino Toscano)
Inspection
Inspection can recognize Debian live images.
Architectures
ARMv7 (32 bit) now supports KVM acceleration.
Aarch64 (ARM 64 bit) is supported, but the appliance part does not work
yet.
PPC64 support has been fixed and enhanced.
Security
Denial of service when inspecting disk images with corrupt btrfs
volumes
It was possible to crash libguestfs (and programs that use libguestfs
as a library) by presenting a disk image containing a corrupt btrfs
volume.
This was caused by a NULL pointer dereference causing a denial of
service, and is not thought to be exploitable any further.
See commit d70ceb4cbea165c960710576efac5a5716055486 for the fix. This
fix is included in libguestfs stable branches ≥ 1.26.0, ≥ 1.24.6 and
≥ 1.22.8, and also in RHEL ≥ 7.0. Earlier versions of libguestfs are
not vulnerable.
Better generation of random root passwords and random seeds
When generating random root passwords and random seeds, two bugs were
fixed which are possibly security related. Firstly we no longer read
excessive bytes from /dev/urandom (most of which were just thrown
away). Secondly we changed the code to avoid modulo bias. These
issues were not thought to be exploitable. (Both changes suggested by
Edwin Török)
API
GUID parameters are now validated when they are passed to API calls,
whereas previously you could have passed any string. (Pino Toscano)
New APIs
guestfs_add_drive_opts: new discard parameter
The new discard parameter allows fine-grained control over
discard/trim support for a particular disk. This allows the host file
to become more sparse (or thin-provisioned) when you delete files or
issue the guestfs_fstrim API call.
guestfs_add_domain: new parameters: cachemode, discard
These parameters are passed through when adding the domain's disks.
guestfs_blkdiscard
Discard all blocks on a guestfs device. Combined with the discard
parameter above, this makes the host file sparse.
guestfs_blkdiscardzeroes
Test if discarded blocks read back as zeroes.
guestfs_compare_*
guestfs_copy_*
For each struct returned through the API, libguestfs now generates
guestfs_compare_* and guestfs_copy_* functions to allow you to
compare and copy structs.
guestfs_copy_attributes
Copy attributes (like permissions, xattrs, ownership) from one file
to another. (Pino Toscano)
guestfs_disk_create
A flexible API for creating empty disk images from scratch. This
avoids the need to call out to external programs like qemu-img(1).
guestfs_get_backend_settings
guestfs_set_backend_settings
Per-backend settings (can also be set via the environment variable
LIBGUESTFS_BACKEND_SETTINGS). The main use for this is forcing TCG
mode in the qemu-based backends, for example:
export LIBGUESTFS_BACKEND=direct
export LIBGUESTFS_BACKEND_SETTINGS=force_tcg
guestfs_part_get_name
Get the label or name of a partition (for GPT disk images).
Build changes
The following extra packages are required to build libguestfs 1.26:
supermin ≥ 5
Supermin version 5 is required to build this version of libguestfs.
flex, bison
Virt-builder now uses a real parser to parse its metadata file, so
these tools are required.
xz
This is now a required build dependency, where previously it was (in
theory) optional.
Internals
PO message extraction rewritten to be more robust. (Pino Toscano)
podwrapper gives an error if the --insert or --verbatim argument
pattern is not found.
Libguestfs now passes the qemu -enable-fips option to enable FIPS, if
qemu supports it.
./configure --without-qemu can be used if you don't want to specify a
default hypervisor.
Copy-on-write [COW] overlays, used for example for read-only drives,
are now created through an internal backend API (.create_cow_overlay).
Libvirt backend uses some funky C macros to generate XML. These are
simpler and safer.
The ChangeLog file format has changed. It is now just the same as git
log, instead of using a custom format.
Appliance start-up has changed:
* The libguestfs appliance now initializes LVM the same way as it is
done on physical machines.
* The libguestfs appliance does not write an empty string to
/proc/sys/kernel/hotplug when starting up.
Note that you must configure your kernel to have
CONFIG_UEVENT_HELPER_PATH="" otherwise you will get strange LVM
errors (this applies as much to any Linux machine, not just
libguestfs). (Peter Rajnoha)
Libguestfs can now be built on arches that have ocamlc(1) but not
ocamlopt(1). (Hilko Bengen, Olaf Hering)
You cannot use ./configure --disable-daemon --enable-appliance. It made
no sense anyway. Now it is expressly forbidden by the configure script.
The packagelist file uses m4 for macro expansion instead of cpp.
Bugs fixed
https://bugzilla.redhat.com/1073906
java bindings inspect_list_applications2 throws
java.lang.ArrayIndexOutOfBoundsException:
https://bugzilla.redhat.com/1063374
[RFE] enable subscription manager clean or unregister operation to
sysprep
https://bugzilla.redhat.com/1060404
virt-resize does not preserve GPT partition names
https://bugzilla.redhat.com/1057504
mount-local should give a clearer error if root is not mounted
https://bugzilla.redhat.com/1056290
virt-sparsify overwrites block devices if used as output files
https://bugzilla.redhat.com/1055452
libguestfs: error: invalid backend: appliance
https://bugzilla.redhat.com/1054761
guestfs_pvs prints "unknown device" if a physical volume is missing
https://bugzilla.redhat.com/1053847
Recommended default clock/timer settings
https://bugzilla.redhat.com/1046509
ruby-libguestfs throws "expecting 0 or 1 arguments" on
Guestfs::Guestfs.new
https://bugzilla.redhat.com/1045450
Cannot inspect cirros 0.3.1 disk image fully
https://bugzilla.redhat.com/1045033
LIBVIRT_DEFAULT_URI=qemu:///system breaks libguestfs
https://bugzilla.redhat.com/1044585
virt-builder network (eg. --install) doesn't work if resolv.conf sets
nameserver 127.0.0.1
https://bugzilla.redhat.com/1044014
When SSSD is installed, libvirt configuration requires
authentication, but not clear to user
https://bugzilla.redhat.com/1039995
virt-make-fs fails making fat/vfat whole disk: Device partition
expected, not making filesystem on entire device '/dev/sda' (use -I
to override)
https://bugzilla.redhat.com/1039540
virt-sysprep to delete more logfiles
https://bugzilla.redhat.com/1033207
RFE: libguestfs inspection does not recognize Free4NAS live CD
https://bugzilla.redhat.com/1028660
RFE: virt-sysprep/virt-builder should have an option to lock a user
account
https://bugzilla.redhat.com/1026688
libguestfs fails examining libvirt guest with ceph drives: rbd: image
name must begin with a '/'
https://bugzilla.redhat.com/1022431
virt-builder fails if $HOME/.cache doesn't exist
https://bugzilla.redhat.com/1022184
libguestfs: do not use versioned jar file
https://bugzilla.redhat.com/1020806
All libguestfs LVM operations fail on Debian/Ubuntu
https://bugzilla.redhat.com/1008417
Need update helpout of part-set-gpt-type
https://bugzilla.redhat.com/953907
virt-sysprep does not correctly set the hostname on Debian/Ubuntu
https://bugzilla.redhat.com/923355
guestfish prints literal "\n" in error messages
https://bugzilla.redhat.com/660687
guestmount: "touch" command fails: touch: setting times of
`timestamp': Invalid argument
https://bugzilla.redhat.com/593511
[RFE] function to get partition name
https://bugzilla.redhat.com/563450
list-devices returns devices of different types out of order
---
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v