[libvirt] [PATCH] build: don't require avahi during install

See: https://bugzilla.redhat.com/show_bug.cgi?id=785269 The specfile requires avahi during install if libvirt was built with avahi support, but there are many situations where it is undesirable to install avahi due to security concerns. If we still Build-require avahi-devel during the build, but don't require it at install time, it will be used if present, and ignored if not. --- libvirt.spec.in | 3 --- 1 files changed, 0 insertions(+), 3 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index f279d6d..dab9650 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -272,9 +272,6 @@ Requires: %{name}-client = %{version}-%{release} Requires: module-init-tools # for /sbin/ip & /sbin/tc Requires: iproute -%if %{with_avahi} -Requires: avahi -%endif %endif %if %{with_network} Requires: dnsmasq >= 2.41 -- 1.7.7.6
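
Review bot: deleting the whole '%if %{with_avahi}' / 'Requires: avahi' / '%endif' block in the hunk at line 272 leaves a build that still uses avahi-devel with no explicit avahi-related install-time dependency, and the commit message's "used if present, and ignored if not" is asserted rather than demonstrated. Either narrow the dependency to what the built binary actually needs at load time instead of removing it outright, or state in the commit message that libvirtd was started successfully on a host with avahi not installed.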

On 02/07/2012 03:23 AM, Laine Stump wrote:
See: https://bugzilla.redhat.com/show_bug.cgi?id=785269
The specfile requires avahi during install if libvirt was built with avahi support, but there are many situations where it is undesirable to install avahi due to security concerns. If we still Build-require avahi-devel during the build, but don't require it at install time, it will be used if present, and ignored if not. --- libvirt.spec.in | 3 --- 1 files changed, 0 insertions(+), 3 deletions(-)
ACK to this change, but I'm worried that it might be incomplete. You are effectively reverting commit cbc702594, but that commit mentioned that libvirtd built with avahi support but avahi not installed refuses to boot. Did you actually test that scenario? I'd feel more comfortable knowing for sure in the commit message that you tested that libvirt can start up without error no matter what state avahi is in (including not installed).

--
Eric Blake eblake@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

See: https://bugzilla.redhat.com/show_bug.cgi?id=785269 The specfile requires avahi during install if libvirt was built with avahi support, but there are many situations where it is undesirable to install avahi due to security concerns. This patch requires only the avahi-libs package, which is needed by libvirt to call the function that tries to attach to the avahi daemon, but will instead silently fail because the avahi-daemon is in the main avahi package, and that package isn't installed. --- v1 removed the requires completely, but that caused libvirtd to fail to load due to missing libraries. libvirt.spec.in | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index f279d6d..62b0ed4 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -273,7 +273,7 @@ Requires: module-init-tools # for /sbin/ip & /sbin/tc Requires: iproute %if %{with_avahi} -Requires: avahi +Requires: avahi-libs %endif %endif %if %{with_network} -- 1.7.7.6
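
Review bot: the new 'Requires: avahi-libs' line in the hunk at line 273 carries no comment, while the neighbouring 'Requires: iproute' is annotated with '# for /sbin/ip & /sbin/tc'. Add a one-line comment above it saying that only the client library is required and that the main avahi package, which carries the daemon, is deliberately not pulled in, so a later cleanup does not widen the dependency back to 'avahi'. The commit message should also record how the silent-failure case (avahi-libs installed, avahi absent) was tested, since v1 failed at load time.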

On 02/07/2012 12:05 PM, Laine Stump wrote:
See: https://bugzilla.redhat.com/show_bug.cgi?id=785269
The specfile requires avahi during install if libvirt was built with avahi support, but there are many situations where it is undesirable to install avahi due to security concerns. This patch requires only the avahi-libs package, which is needed by libvirt to call the function that tries to attach to the avahi daemon, but will instead silently fail because the avahi-daemon is in the main avahi package, and that package isn't installed. ---
v1 removed the requires completely, but that caused libvirtd to fail to load due to missing libraries.
libvirt.spec.in | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in index f279d6d..62b0ed4 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -273,7 +273,7 @@ Requires: module-init-tools # for /sbin/ip & /sbin/tc Requires: iproute %if %{with_avahi} -Requires: avahi +Requires: avahi-libs
ACK. This is definitely a nicer solution - we compile against the library, so we only need the library present, without also firing up the main daemon. The library itself is safe whether or not 'avahi' is also installed. And based on IRC chats we had in the meantime, I feel more comfortable that you actually got something tested with 'avahi' uninstalled.

--
Eric Blake eblake@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

On 02/07/2012 02:15 PM, Eric Blake wrote:
On 02/07/2012 12:05 PM, Laine Stump wrote:
See: https://bugzilla.redhat.com/show_bug.cgi?id=785269
The specfile requires avahi during install if libvirt was built with avahi support, but there are many situations where it is undesirable to install avahi due to security concerns. This patch requires only the avahi-libs package, which is needed by libvirt to call the function that tries to attach to the avahi daemon, but will instead silently fail because the avahi-daemon is in the main avahi package, and that package isn't installed. ---
v1 removed the requires completely, but that caused libvirtd to fail to load due to missing libraries.
libvirt.spec.in | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in index f279d6d..62b0ed4 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -273,7 +273,7 @@ Requires: module-init-tools # for /sbin/ip& /sbin/tc Requires: iproute %if %{with_avahi} -Requires: avahi +Requires: avahi-libs ACK.
Okay, I pushed it. Thanks for the quick review.
This is definitely a nicer solution - we compile against the library, so we only need the library present, without also firing up the main daemon. The library itself is safe whether or not 'avahi' is also installed. And based on IRC chats we had in the meantime, I feel more comfortable that you actually got something tested with 'avahi' uninstalled.
Yes, forgot to mention that. I tested by doing this:

  rpm -qa | grep avahi >/tmp/packages
  cat packages | xargs rpm --erase --nodeps
  yum install avahi-libs   # (this only installed the one package)

then I tried installing an unmodified libvirt rpm, which gave an error due to the avahi package being absent. After that I installed the modified libvirt rpm, and successfully restarted libvirt.

(After that, I reinstalled all the packages in /tmp/packages, because there's a boatload of stuff that depends (directly or indirectly) on avahi :-O )