* src/storage_encryption_conf.c: Remove base64.h

* src/qemu_driver.c: Support arbitrary callbacks for "secondary
  prompts".  Reimplement qemudMonitorCommandExtra using such a
  callback.

The if ((nlptr...)) implicitly assumes commptr != NULL (and that "buf"
starts with "cmd").  Make the assumption explicit, it will be broken in
a future patch.

* src/qemu_driver.c: Don't assume buffered monitor output echoes the
  command.

The XML allows <encryption format='unencrypted'/>, this implementation
canonicalizes the internal representation so that "disk->encryption" is
non-NULL iff encryption information is available.

A domain with partial encryption information can be defined,
completeness of the information is not verified.  The domain won't
start until the remaining information is added, of course.

* docs/formatdomain.html, docs/formatdomain.html.in: Document
  new encryption options for disks
* docs/schemas/domain.rng: Pull in storage encryption schema
  rules
* src/domain_conf.h, src/domain_conf.c: Wire up storage encryption
  XML parsing/formatting APIs

Supports only virStorageVolCreateXML, not virStorageVolCreateXMLFrom.

Curiously, qemu-img does not need the passphrase for anything to create
an encrypted volume.  This implementation thus does not need to touch
any secrets to work with cooperating clients.  More generic passphrase
handling is added in the next patch.

* src/storage_backend.c: Request encryption when creating qcow/qcow2
  files
* src/storage_backend_disk.c, src/storage_backend_fs.c,
  src/storage_backend_logical.c: Refuse to create volumes with
  encryption params set.

(The implementation is not very generic, but that can be very
easily rectified if/when new encryption formats appear.)

* src/storage_backend_fs.c: Probe for qcow/qcow2 encryption
  algorithm field

The XML allows <encryption format='unencrypted'/>, this implementation
canonicalizes the internal representation so that "vol->encryption" is
non-NULL iff the volume is encrypted.

Note that partial encryption information (e.g. specifying an encryption
format, but not the key/passphrase) is valid, libvirt will automatically
choose value for the missing information during volume creation.  The
user can read the volume XML, and use the unmodified <encryption> tag in
future operations (without having to be able to understand) its contents.

* docs/formatstorage.html, docs/formatstorage.html.in: Document
  storage volume encryption options
* src/storage_conf.c, src/storage_conf.h: Hook up storage
  encryption XML handling
* tests/storagevolschemadata/vol-qcow2.xml: Test case for encryption
  schema changes

Define an <encryption> tag specifying volume encryption format and
format-depenedent parameters (e.g. passphrase, cipher name, key
length, key).

Currently the only defined parameter is a reference to a "secret"
(passphrase/key) managed using the virSecret* API.

Only the qcow/qcow2 encryption format, and a "default" format used to
let libvirt choose the format during volume creation, is currently
supported.

This patch does not add any users; the <encryption> tag is added in
the following patches to both volumes (to support encrypted volume
creation) and domains.

* docs/*.html: Re-generate
* docs/formatstorageencryption.html.in, docs/sitemap.html.in:
  Add page describing storage encryption data format
* docs/schemas/Makefile.am, docs/schemas/storageencryption.rng:
  Add RNG schema for storage encryption format
* po/POTFILES.in: Add src/storage_encryption_conf.c
* src/libvirt_private.syms: Export virStorageEncryption* functions
* src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal
  helper APIs for dealing with storage encryption format
* libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng
  RNG schema

Sample session:

>>> import libvirt
>>> c = libvirt.open('qemu:///session')

>>> c.listSecrets()
['12247729-47d2-a783-88ce-b329d4781cd3', 'reee', 'abc']

>>> s = c.secretDefineXML("<secret ephemeral='no' private='no'>\n<description>Something for use</description>\n<volume>/foo/bar</volume>\n</secret>\n")

>>> s.UUIDString()
'340c2dfb-811b-eda8-da9e-25ccd7bfd650'

>>> s.XMLDesc()
"<secret ephemeral='no' private='no'>\n  <uuid>340c2dfb-811b-eda8-da9e-25ccd7bfd650</uuid>\n  <description>Something for use</description>\n  <volume>/foo/bar</volume>\n</secret>\n"

>>> s.setValue('abc\0xx\xffx')
0

>>> s.value()
'abc\x00xx\xffx'

>>> s.undefine()
0

* python/generator.py: Add rules for virSecret APIs
* python/libvir.c, python/libvirt-python-api.xml: Manual impl of
  virSecretSetValue, virSecretGetValue$ and virConnectListSecrets APIs
* python/libvirt_wrap.h, python/types.c: Wrapper for virSecret objects
* docs/libvirt-api.xml, docs/libvirt-refs.xml,
  docs/html/libvirt-virterror.html, docs/html/libvirt-libvirt.html,
  docs/devhelp/libvirt-virterror.html, docs/devhelp/libvirt-libvirt.html:
  Re-generate with 'make api'

* src/remote_internal.c: Implement client binding for new secrets
  APIs
* src/datatypes.h: Add 'void *secretPrivateData' to virConnectPtr
  struct

* qemud/remote_protocol.x: Define wire protocol for secrets public
  APIs
* qemud/remote_protocol.h, qemud/remote_protocol.c,
  qemud/remote_dispatch_table.h, qemud/remote_dispatch_ret.h,
  qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_args.h:
  Re-generate from updated protocol definition
* qemud/remote.c: Implement RPC dispatchers for new secrets APIs

* include/libvirt/virterror.h, src/virterror.c: Add VIR_ERR_INVALID_SECRET
  and VIR_FROM_SECRET
* src/libvirt.c: Define stubs for every new public API

* include/libvirt/virterror.h, src/virterror.c: Add VIR_WAR_NO_SECRET
* src/libvirt_private.syms, src/datatypes.h, src/datatypes.c: Type
  virSecret struct definition and helper APIs
* src/driver.h: Sub-driver API definitions for secrets
* src/libvirt.c: Define new sub-driver for secrets

This patch adds a "secret" as a separately managed object, using a
special-purpose API to transfer the secret values between nodes and
libvirt users.

* docs/schemas/secret.rng, docs/schemas/Makefilem.am: Add new
  schema for virSecret objects
* docs/*html: Re-generated
* docs/formatsecret.html.in, docs/sitemap.html.in: Add page
  describing the virSecret XML schema
* include/libvirt/libvirt.h.in: Define the new virSecret public
  API
* src/libvirt_public.syms: Export symbols for new public APIs
* mingw32-libvirt.spec.in, libvirt.spec.in: Add secret.rng to
  files list

* po/*: and update the po set

Per prior discussion -- this was, indeed, trivial.

I'm a little disappointed to be breaking the ordering characteristics of
the enum (as it had been ordered by increasing time requirements and
decreasing output size), but breaking any save files with the old
constants in the headers would of course be worse.

>From 2a9cdcfc88de091a8d34aa3fc3b1208d7681790e Mon Sep 17 00:00:00 2001
From: Charles Duffy <Charles_Duffy@dell.com>
Date: Fri, 28 Aug 2009 11:49:54 -0500
Subject: [PATCH] support lzop save compression for qemu

One of the larger disincentives towards use of compression for migrated-out save
files is performance impact. This patch adds support for lzop; CPU time for
compression is about 5x faster than gzip (the next most performant algorithm)
and decompression is about 3x faster.
Signed-off-by: NCharles Duffy <Charles_Duffy@dell.com>
Signed-off-by: NChris Lalancette <clalance@redhat.com>

All of the other drivers that support the getMaxVcpus callback
also accept a NULL value for type.  Make openvz also accept a
NULL value.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

qemudExtractMonitorPath() was doing a VIR_ALLOC_N followed by a
strncpy.  However, this isn't necessary; we can do the same thing
using strndup, which is much safer.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

The documentation for virNodeGetCellsFreeMemory claims the values
returned are in kilobytes, but that's actually wrong; the value
returned is actually in bytes.  Fix up the documentation to be
correct.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

S-expression containing empty lists, e.g. (cpus (() () () ())),
was not being handled properly in sexpr2string() serialization.
Emit an empty list when encountering NIL sexpr kind.

* src/uml_driver.c: Fix numa API driver entries to avoid
  infinite loop

* src/virsh.c: Pass in pool object to avoid crash in key lookup

* src/remote_internal.c: Split remoteAuthPolkit into separate
  impls for v0 and v1 to avoid compile warnings due to unused
  variables/params
* qemud/remote.c: Remove accidental tabs

* configure.in: Check for pkcheck which indicates new policykit
* qemud/Makefile.am: Install different versions of policy
* qemud/libvirtd.policy: Rename to libvirtd.policy-0
* qemud/libvirtd.policy-1: new style policy
* qemud/qemud.c, qemud/qemud.h, qemud/remote.c: Support new
  policykit API via external pkcheck helper
* src/remote_internal.c: Don't prompt for polkit auth with new
  policykit API
* libvirt.spec.in: deal with new policy install locations & deps

* src/security_selinux.c: ignores EOPNOTSUPP when attempting to access an
  NFS share

See https://fedoraproject.org/wiki/Packaging:SourceURL

Matthias correctly points out that escape_specialcharaters() takes a
length, and since we are now malloc()'ing string in phypOpen instead of
making it a static array, we can't use sizeof(string) anymore.  Calculate
the proper strlen and then use that both to allocate the string and also
pass it to escape_specialcharacters().
Signed-off-by: NChris Lalancette <clalance@redhat.com>

I came across this line in the phypOpen function:

char string[strlen(conn->uri->path)];

Here the path part of the given URI is used without checking it for
NULL, this can cause a segfault as strlen expects a string != NULL.
Beside that uuid_db and connection_data leak in case of an error.

In this line

conn->uri->path = string;

the original path of the URI leaks. The patch adds a VIR_FREE call
before setting the new path.

The attached patch is compile-tested but I don't have a Power
Hypervisor installation at hand to test it for real.

Matthias
Signed-off-by: NChris Lalancette <clalance@redhat.com>

Fix up a small memory leak pointed out by DanB; I was forgetting
to release memory allocated to driver->saveImageFormat.
Also add the "save_image_format" and "security" entries to
the augeas lens.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

Test case for the fix applied in

  commit 14435163
  Author: Daniel Veillard <veillard@redhat.com>
  Date:   Fri Jun 26 18:14:16 2009 +0000

* tests/sexpr2xmldata/sexpr2xml-pv-vfb-type-crash.sexpr,
  tests/sexpr2xmldata/sexpr2xml-pv-vfb-type-crash.xml: Data
  files exhibiting the crash
* tests/sexpr2xmltest.c: Process new data files

* docs/drvqemu.html.in: Document DAC usage, SELinux integration,
  Linux capabilities, and Cgroups device ACLs

* src/qemu_conf.c, src/uml_conf.c: use virReportSystemError() to report
  system errors

https://bugzilla.redhat.com/517371

Matt Booth points out that if you use a non-existent bridge name when
start a guest you get a weird error message:

  Failed to add tap interface 'vnet%d' to bridge 'virbr0'

and dev='vnet%d' appears in the dumpxml output.

Fix that by not including 'vnet%d' in the error message and freeing the
'vnet%d' string if adding the tap device to the bridge fails.

* src/qemu_conf.c, src/uml_conf.c: fix qemudNetworkIfaceConnect()
  and umlConnectTapDevice() to not expose 'vnet%d' to the user

As we start/shutdown guests, or hotplug/hot-unplug devices, we can add
or delete devices as appropriate from a list of active devices.

Then, in pciReset(), we can use this to determine whether its safe to
reset a device as a side effect of resetting another device.

* src/qemu_conf.h: add activePciHostdevs to qemud_driver

* src/qemu_driver.c: maintain the activePciHostdevs list, and pass it
  to pciResetDevice()

* src/pci.[ch]: pass the activeDevs list to pciResetDevice() and use
  it to determine whether a Secondary Bus Reset is safe

The qemuPrepareHostDevices() and qemuDomainReAttachHostDevices()
functions are clutter with a bunch of calls to pciGetDevice() and
pciFreeDevice() obscuring the basic logic.

Add a pciDeviceList type and add a qemuGetPciHostDeviceList() function
to build a list from a domain definition. Use this in prepare/re-attach
fto simplify things and eliminate the multiple pciGetDevice calls.

This is especially useful because in the next patch we need to iterate
the hostdevs list a third time and we also need a list type for keeping
track of active devices.

* src/pci.[ch]: add pciDeviceList type and also a per-device 'managed'
  property

* src/libvirt_private.syms: export the new functions

* src/qemu_driver.c: add qemuGetPciHostDeviceList() and re-write
  qemuPrepareHostDevices() and qemuDomainReAttachHostDevices() to use it

Newer versions of QEMU accept 'pci_add auto', but older versions require
'pci_add pci_addr=auto'

* src/qemu_driver.c: use pci_addr= in qemudDomainAttachHostPciDevice()
  for older versions of QEMU

* src/qemu_driver.c: Add missing break statement in
  qemudDomainDetachHostDevice()

When we hot-unplug a PCI host device from a guest, we should reset it.

Both managed and unmanaged devices should be reset, but only managed
devices should be re-attached.

* src/qemu_driver.c: reset devices in qemudDomainDetachHostPciDevice()