To allow tightening syntax check.

Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

This new listen type is currently supported only by spice graphics.
It's introduced to make it easier and clearer specify to not listen
anywhere in order to start a guest with OpenGL support.

The old way to do this was set spice graphics autoport='no' and don't
specify any ports.  The new way is to use <listen type='none'/>.  In
order to be able to migrate to old libvirt the migratable XML will be
generated without the listen element and with autoport='no'.  Also the
old configuration will be automatically converted to the this listen
type.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1335832Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

VNC graphics already supports sockets but only via 'socket' attribute.
This patch coverts that attribute into listen type 'socket'.

For backward compatibility we need to handle listen type 'socket' and 'socket'
attribute properly to support old XMLs and new XMLs.  If both are provided they
have to match, if only one of them is provided we need to be able to parse that
configuration too.

To not break migration back to old libvirt if the socket is provided by user we
need to generate migratable XML without the listen element and use only 'socket'
attribute.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

This moves the socket generation if "vnc_auto_unix_socket" is set.

It also fixes a bug with this config option that we should auto-generate
socket path only if listen type is address and there is no address
specified.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Even though it's auto-generated it's based on qemu.conf option and listen type
address already uses "fromConfig" to carry this information.  Following commits
will convert the socket to listen element so this rename is required because
there will be also an option to get socket auto-generated independently on the
qemu.conf option.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

There is no need to check again for vnc socket.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Put it into separate function called qemuDomainPrepareChannel() and call
it from the new qemuProcessPrepareDomain().
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Historically, we added heads=1 to videos, but for example for qxl, we
did not reflect that on the command line.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1283207Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Move the module from qemu_command.c to a new module virqemu.c and
rename the API to virQEMUBuildObjectCommandline.

This API will then be shareable with qemu-img and the need to build
a security object for luks support.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>

<os>
  <acpi>
    <table type="slic">/path/to/acpi/table/file</table>
  </acpi>
</os>

will result in:

-acpitable sig=SLIC,file=/path/to/acpi/table/file

This option was introduced by QEMU commit 8a92ea2 in 2009.

https://bugzilla.redhat.com/show_bug.cgi?id=1327537

We have been always setting the capability on if qemu has
QEMU_CAPS_DEVICE.

Remove more checks that are no longer necessary.

Drop some checks that are no longer necessary as well as
-usbdevice -pcidevice and -soundhw support.

https://bugzilla.redhat.com/show_bug.cgi?id=1182074

If they're available and we need to pass secrets to qemu, then use the
qemu domain secret object in order to pass the secrets for RBD volumes
instead of passing the base64 encoded secret on the command line.

The goal is to make AES secrets the default and have no user interaction
required in order to allow using the AES mechanism. If the mechanism
is not available, then fall back to the current plain mechanism using
a base64 encoded secret.

New APIs:

qemu_domain.c:
  qemuDomainGetSecretAESAlias:
    Generate/return the secret object alias for an AES Secret Info type.
    This will be called from qemuDomainSecretAESSetup.

  qemuDomainSecretAESSetup: (private)
    This API handles the details of the generation of the AES secret
    and saves the pieces that need to be passed to qemu in order for
    the secret to be decrypted. The encrypted secret based upon the
    domain master key, an initialization vector (16 byte random value),
    and the stored secret. Finally, the requirement from qemu is the IV
    and encrypted secret are to be base64 encoded.

qemu_command.c:
  qemuBuildSecretInfoProps: (private)
    Generate/return a JSON properties object for the AES secret to
    be used by both the command building and eventually the hotplug
    code in order to add the secret object. Code was designed so that
    in the future perhaps hotplug could use it if it made sense.

  qemuBuildObjectSecretCommandLine (private)
    Generate and add to the command line the -object secret for the
    secret. This will be required for the subsequent RBD reference
    to the object.

  qemuBuildDiskSecinfoCommandLine (private)
    Handle adding the AES secret object.

Adjustments:

qemu_domain.c:
  The qemuDomainSecretSetup was altered to call either the AES or Plain
  Setup functions based upon whether AES secrets are possible (we have
  the encryption API) or not, we have secrets, and of course if the
  protocol source is RBD.

qemu_command.c:
  Adjust the qemuBuildRBDSecinfoURI API's in order to generate the
  specific command options for an AES secret, such as:

    -object secret,id=$alias,keyid=$masterKey,data=$base64encodedencrypted,
            format=base64
    -drive file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\
           mon_host=mon1.example.org\:6321,password-secret=$alias,...

  where the 'id=' value is the secret object alias generated by
  concatenating the disk alias and "-aesKey0". The 'keyid= $masterKey'
  is the master key shared with qemu, and the -drive syntax will
  reference that alias as the 'password-secret'. For the -drive
  syntax, the 'id=myname' is kept to define the username, while the
  'key=$base64 encoded secret' is removed.

  While according to the syntax described for qemu commit '60390a21'
  or as seen in the email archive:

    https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg04083.html

  it is possible to pass a plaintext password via a file, the qemu
  commit 'ac1d8878' describes the more feature rich 'keyid=' option
  based upon the shared masterKey.

Add tests for checking/comparing output.

NB: For hotplug, since the hotplug code doesn't add command line
    arguments, passing the encoded secret directly to the monitor
    will suffice.

This prepares the code for other listen types.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Both VNC and SPICE requires the same code to resolve address for listen
type network.  Remove code duplication and create a new function that
will be used in qemuProcessSetupGraphics().
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

This is required for following patches where new listen types will be
introduced.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

We have both in the code.  Let's use only one format.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

For some disk types (SD), we want to emit the syntax
we used for disks before -device was available even
if QEMU supports -device.

Use the qemuDiskBusNeedsDeviceArg helper to figure out
whether to use the old or new syntax.

Replace the two uses of the withDeviceArg bool in
qemuBuildDiskDriveCommandLine and allow this function to be reused in
qemuBuildDriveStr.

We no longer need to handle -usbdevice and the withDeviceArg
logic becomes clearer.

We have stopped supporting Xenner some time ago.

Since we always asumme support of QEMU_CAPS_DEVICE.

The only QEMU versions that don't have such capability are <0.11,
which we no longer support anyway

The only QEMU versions that don't have such capability are <0.11,
which we no longer support anyway

The only QEMU versions that don't have such capability are <0.12,
which we no longer support anyway.

Additionally, this solves the issue of some QEMU binaries being
reported as not having such capability just because they lacked
the {kvm-}pci-assign QMP object.

-name guest= is the explicit parameter for passing a VM name. Using
it is required to allow a VM with an '=' in the name

https://bugzilla.redhat.com/show_bug.cgi?id=1276485

After this, a default virt-manager VM will startup with a comma
in the VM name:

https://bugzilla.redhat.com/show_bug.cgi?id=639926

This path can be dependent on the VM libdir, which contains its name

Need to convert the local function to virBuffer usage, so we
can use qemuBufferEscapeComma

This isn't sufficient on its own, since the VM name is used for things
like monitor paths, which we don't escape yet

Centralize the magic invocation for escaping commas on the qemu
command line, and document it a bit

QEMU_CAPS_DEVICE is always set nowadays, so we can drop the
non-DEVICE code paths

Rather than returning a "char *" indicating perhaps some sized set of
characters that is NUL terminated, alter the function to return 0 or -1
for success/failure and add two parameters to handle returning the
buffer and it's size.

The function no longer encodes the returned secret, rather it returns
the unencoded secret forcing callers to make the necessary adjustments.

Alter the callers to handle the adjusted model.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>

The preferred name will be AES not IV, change current references
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>

This matches how we handle spice gl='no' even if spice GL isn't
supported. Not too interesting in practice but I figure we should
be consistent

Extract the relevant parts of the existing checker and reuse them for
blockcopy since copying to a non-block device creates an invalid
configuration.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1209802