4:23 a.m.
See: https://bugzilla.redhat.com/show_bug.cgi?id=785269
The specfile requires avahi during install if libvirt was built with
avahi support, but there are many situations where it is undesirable
to install avahi due to security concerns. If we still Build-require
avahi-devel during the build, but don't require it at install time, it
will be used if present, and ignored if not.
---
libvirt.spec.in | 3 ---
1 files changed, 0 insertions(+), 3 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index f279d6d..dab9650 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -272,9 +272,6 @@ Requires: %{name}-client = %{version}-%{release}
Requires: module-init-tools
# for /sbin/ip & /sbin/tc
Requires: iproute
-%if %{with_avahi}
-Requires: avahi
-%endif
%endif
%if %{with_network}
Requires: dnsmasq >= 2.41
--
1.7.7.6
10:57 a.m.
On 02/07/2012 03:23 AM, Laine Stump wrote:
See: https://bugzilla.redhat.com/show_bug.cgi?id=785269
The specfile requires avahi during install if libvirt was built with
avahi support, but there are many situations where it is undesirable
to install avahi due to security concerns. If we still Build-require
avahi-devel during the build, but don't require it at install time, it
will be used if present, and ignored if not.
---
libvirt.spec.in | 3 ---
1 files changed, 0 insertions(+), 3 deletions(-)
ACK to this change, but I'm worried that it might be imcomplete. You
are effectively reverting commit cbc702594, but that commit mentioned
that libvirtd built with avahi support but avahi not installed refuses
to boot. Did you actually test that scenario? I'd feel more
comfortable knowing for sure in the commit message that you tested that
libvirt can start up without error no matter what state avahi is in
(including not installed).
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
1:05 p.m.
New subject: [libvirt] [PATCHv2] build: don't require avahi during install
See: https://bugzilla.redhat.com/show_bug.cgi?id=785269
The specfile requires avahi during install if libvirt was built with
avahi support, but there are many situations where it is undesirable
to install avahi due to security concerns. This patch requires only
the avahi-libs package, which is needed by libvirt to call the
function that tries to attach to the avahi daemon, but will instead
silently fail because the avahi-daemon is in the main avahi package,
and that package isn't installed.
---
v1 removed the requires completely, but that caused libvirtd to fail
to load due to missing libraries.
libvirt.spec.in | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index f279d6d..62b0ed4 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -273,7 +273,7 @@ Requires: module-init-tools
# for /sbin/ip & /sbin/tc
Requires: iproute
%if %{with_avahi}
-Requires: avahi
+Requires: avahi-libs
%endif
%endif
%if %{with_network}
--
1.7.7.6
1:15 p.m.
New subject: [libvirt] [PATCHv2] build: don't require avahi during install
On 02/07/2012 12:05 PM, Laine Stump wrote:
See: https://bugzilla.redhat.com/show_bug.cgi?id=785269
The specfile requires avahi during install if libvirt was built with
avahi support, but there are many situations where it is undesirable
to install avahi due to security concerns. This patch requires only
the avahi-libs package, which is needed by libvirt to call the
function that tries to attach to the avahi daemon, but will instead
silently fail because the avahi-daemon is in the main avahi package,
and that package isn't installed.
---
v1 removed the requires completely, but that caused libvirtd to fail
to load due to missing libraries.
libvirt.spec.in | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index f279d6d..62b0ed4 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -273,7 +273,7 @@ Requires: module-init-tools
# for /sbin/ip & /sbin/tc
Requires: iproute
%if %{with_avahi}
-Requires: avahi
+Requires: avahi-libs
ACK. This is definitely a nicer solution - we compile against the
library, so we only need the library present, without also firing up the
main daemon. The library itself is safe whether or not 'avahi' is also
installed. And based on IRC chats we had in the meantime, I feel more
comfortable that you actually got something tested with 'avahi' uninstalled.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
1:24 p.m.
New subject: [libvirt] [PATCHv2] build: don't require avahi during install
On 02/07/2012 02:15 PM, Eric Blake wrote:
On 02/07/2012 12:05 PM, Laine Stump wrote:
> See: https://bugzilla.redhat.com/show_bug.cgi?id=785269
>
> The specfile requires avahi during install if libvirt was built with
> avahi support, but there are many situations where it is undesirable
> to install avahi due to security concerns. This patch requires only
> the avahi-libs package, which is needed by libvirt to call the
> function that tries to attach to the avahi daemon, but will instead
> silently fail because the avahi-daemon is in the main avahi package,
> and that package isn't installed.
> ---
>
> v1 removed the requires completely, but that caused libvirtd to fail
> to load due to missing libraries.
>
> libvirt.spec.in | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/libvirt.spec.in b/libvirt.spec.in
> index f279d6d..62b0ed4 100644
> --- a/libvirt.spec.in
> +++ b/libvirt.spec.in
> @@ -273,7 +273,7 @@ Requires: module-init-tools
> # for /sbin/ip& /sbin/tc
> Requires: iproute
> %if %{with_avahi}
> -Requires: avahi
> +Requires: avahi-libs
ACK.
Okay, I pushed it. Thanks for the quick review.
This is definitely a nicer solution - we compile against the
library, so we only need the library present, without also firing up the
main daemon. The library itself is safe whether or not 'avahi' is also
installed. And based on IRC chats we had in the meantime, I feel more
comfortable that you actually got something tested with 'avahi' uninstalled.
Yes, forgot to mention that. I tested by doing this:
rpm -qa | grep avahi >/tmp/packages
cat packages | xargs rpm --erase --nodeps
yum install avahi-libs # (this only installed the one package)
then I tried installing an unmodified libvirt rpm, which gave an error
due to the avahi package being absent. After that I installed the
modified libvirt rpm, and successfully restarted libvirt.
(After that, I reinstalled all the packages in /tmp/packages, because
there's a boatload of stuff that depends (directly or indirectly) on
avahi :-O )
4672
days inactive
4672
days old
4 comments
2 participants
participants (2)
-
Eric Blake -
Laine Stump