lunar (1) guestfs-release-notes-1.30.1.gz

Provided by: libguestfs0_1.48.6-2ubuntu1_amd64 bug

NAME

       guestfs-release-notes - libguestfs Release Notes

RELEASE NOTES FOR LIBGUESTFS 1.30

       These release notes only cover the differences from the previous stable/dev branch split
       (1.28.0).  For detailed changelogs, please see the git repository, or the ChangeLog file
       distributed in the tarball.

   New features
       New tools

       virt-dib(1) is a secure and safe alternative to the OpenStack "diskimage-builder" tool.
       It is compatible with diskimage-builder elements.  (Pino Toscano)

       virt-get-kernel(1) extracts the kernel and ramdisk from a disk image.  Previously this
       functionality was part of virt-builder(1), but the new tool is more featureful.  (Pino
       Toscano)

       New features in existing tools

       virt-v2v(1) -i ova mode can now read a wider range of OVA files, and also unpacked files
       (directories).

       virt-v2v now securely passes options to curl, so passwords, cookies and so on cannot be
       seen by users with shell access on the same machine.

       virt-v2v has a new --password-file option to allow you to securely pass in a password, and
       to avoid an interactive prompt.

       virt-v2v disables Windows autoreboot, making debugging conversion failures on Windows
       easier.

       virt-v2v now comes with an extensive external test suite.  See virt-v2v-test-harness(1).

       virt-v2v allows virtio drivers to come from any location (Roman Kagan), and drivers can be
       read directly from the virtio ISO.

       virt-v2v supports conversion of Windows ≥ 8.  Note this is experimental, and possibly
       broken.  Use with caution.

       virt-v2v can now convert UEFI guests.

       virt-p2v(1) adds a network configuration dialog.

       virt-p2v now has "p2v.pre", "p2v.post" and "p2v.fail" triggers, allowing arbitrary scripts
       for preparing the host for conversion and tidying up post-conversion.

       virt-p2v now uses the more advanced metacity window manager (instead of matchbox).

       virt-sysprep(1) will remove "/var/spool/mail/username" for non-root accounts (Hu Tao).

       virt-customize(1), virt-builder(1) and virt-sysprep have the following new options:

       --commands-from-file
           allow long lists of commands to be read from a file instead of from the command line
           (Pino Toscano)

       --copy
           copy files inside the guest (Maros Zatko)

       --copy-in
           copy host files recursively into the guest (Pino Toscano)

       --move
           move files inside the guest (Maros Zatko)

       --ssh-inject
           inject SSH keys into a guest (Pino Toscano)

       --sm-attach
       --sm-credentials
       --sm-register
       --sm-remove
       --sm-unregister
           register and unregister a guest from subscription-manager (Pino Toscano)

       --touch
           touch a file in the guest (Pino Toscano)

       --truncate
       --truncate-recursive
           truncate files (Maros Zatko)

       Improvements to virt-customize firstboot support.  In particular, Windows firstboot should
       work as well as Linux (Roman Kagan).

       virt-df(1) can now use PolicyKit, SASL and other authentication methods when getting the
       list of domains from libvirt.

       Improvements to guestfish bash completion (Pino Toscano).

       Bash completion now completes short options as well as long options (Pino Toscano).

       guestfish(1) now displays a command synopsis if the number of parameters given to a
       command is wrong (Hu Tao).

       virt-builder now supports Red Hat Enterprise Linux versions back to RHEL 3.

       virt-builder supports SUSE guests using zypper (Cédric Bosdonnat).

       Language bindings

       The Java bindings now include validated Javadoc, and other improvements (Pino Toscano).

       Multiple fixes and improvements to the PHP bindings (Pino Toscano).

       Inspection

       Inspection can now get icons from RHEL 7 and CentOS 7.

       /etc/favicon.png is now allowed to be a symbolic link.

       For RPM-based guests, inspection now returns RPM Epoch fields.

       Debian packages now have separate Epoch and Version fields (Nikos Skalkotos).

       OpenBSD detection added, FreeBSD and NetBSD added as separate "distros", and other BSD
       inspection improvements and bug fixes (Nikos Skalkotos).

       CoreOS detection added (Nikos Skalkotos).

       The package manager in Fedora ≥ 22 is "dnf".

       ReactOS guests can be inspected (Maros Zatko).

       Add support for UEFI guests.

       Inspection now works when kernel modules are gzip or xz compressed (Pino Toscano).

       Inspection now recognizes ppc64 and ppc64le guests (Maros Zatko).

       Inspection lists the installed applications on Archlinux guests (Nikos Skalkotos).

       Architectures and platforms

       PPC64 (POWER7) and PPC64LE (POWER8) architectures are now much better supported, and
       should work out of the box.

       For aarch64, we use AAVMF (an open source UEFI implementation based on OVMF) if available
       to run the appliance.

       For armv7, we now use the -M virt machine type by default.

       There is better support for compiling on non-Linux platforms (Pino Toscano, Margaret
       Lewicka).

       Libguestfs should now work on MIPS 32 bit little endian ("mipsel").  I have not been able
       to try 64 bit or big endian.

   Security
       CVE-2014-8484
       CVE-2014-8485
           Libguestfs previously ran the strings(1) utility on untrusted files.  Strings could
           parse BFD headers in an unsafe way, leading to possible arbitrary code execution.
           Libguestfs now runs strings with a flag to ensure it does not try to parse BFD
           headers.  This could have led to exploitation of the libguestfs appliance, but since
           libguestfs further constrains the appliance through virtualization, SELinux and other
           techniques, it was unlikely to have caused any privilege escalation on the host.

       XPath injection in virt-v2v
           One possible XPath injection vulnerability was fixed in virt-v2v.  This might have
           allowed a malicious guest which was being converted by virt-v2v to construct an
           arbitrary XPath expression which would have been evaluated on the host (by the libxml2
           library linked to the virt-v2v binary).  It is not clear what the effects of this
           might be.

           For further information, see upstream commit
           https://github.com/libguestfs/libguestfs/commit/6c6ce85f94c36803fe2db35a98db436bff0c14b0

       Denial of service problems when using "qemu-img info"
           When using the American Fuzzy Lop fuzzer ("afl-fuzz") on the "qemu-img info" command,
           Richard W.M. Jones found that certain files can cause the "qemu-img" program to use
           lots of memory and time (for example 6GB of heap and 14 seconds of CPU time on a fast
           Intel processor), and in some cases to crash.  Since libguestfs may run "qemu-img
           info" on disk images to find out what they contain, this transitively could cause
           libguestfs to hang or consume lots of memory.

           Libguestfs was modified so that it uses resource limits to limit the space and time
           used by "qemu-img info", to avoid this problem.  If a malicious user tries to pass one
           of these disk images to libguestfs, "qemu-img" will crash and the crash is reported
           back to libguestfs callers as an error message.

   API
       New APIs

       "guestfs_add_libvirt_dom"
           This exposes a previously private API that allows you to pass a "virDomainPtr" object
           directly from libvirt to libguestfs.

       "guestfs_blockdev_setra"
           Adjust readahead parameter for devices.  See "blockdev --setra" command.

       "guestfs_btrfs_balance"
       "guestfs_btrfs_balance_cancel"
       "guestfs_btrfs_balance_pause"
       "guestfs_btrfs_balance_resume"
       "guestfs_btrfs_balance_status"
           Balance support for Btrfs filesystems (Hu Tao).

       "guestfs_btrfs_filesystem_defragment"
           Filesystem defragmentation support for Btrfs filesystems (Hu Tao).

       "guestfs_btrfs_image"
           Create an image of a Btrfs filesystem (Chen Hanxiao)

       "guestfs_btrfs_qgroup_assign"
       "guestfs_btrfs_qgroup_create"
       "guestfs_btrfs_qgroup_destroy"
       "guestfs_btrfs_qgroup_limit"
       "guestfs_btrfs_qgroup_remove"
       "guestfs_btrfs_qgroup_show"
       "guestfs_btrfs_quota_enable"
       "guestfs_btrfs_quota_rescan"
           Quote support for Btrfs filesystems (Hu Tao).

       "guestfs_btrfs_rescue_chunk_recover"
           Scan and recover the chunk tree in Btrfs filesystems (Hu Tao).

       "guestfs_btrfs_rescue_super_recover"
           Restore superblocks in Btrfs filesystems (Hu Tao).

       "guestfs_btrfs_replace"
           Replace a device in a Btrfs filesystem (Cao Jin).

       "guestfs_btrfs_scrub"
       "guestfs_btrfs_scrub_cancel"
       "guestfs_btrfs_scrub_resume"
       "guestfs_btrfs_scrub_status"
           Scrub a Btrfs filesystem (Hu Tao).

       "guestfs_btrfs_subvolume_get_default"
           Get the default subvolume of a Btrfs filesystem (Hu Tao).

       "guestfs_btrfs_subvolume_show"
           List detailed information about the subvolume of a Btrfs filesystem (Hu Tao).

       "guestfs_btrfstune_enable_extended_inode_refs"
       "guestfs_btrfstune_enable_skinny_metadata_extent_refs"
       "guestfs_btrfstune_seeding"
           Various tuning parameters for Btrfs filesystems (Chen Hanxiao).

       "guestfs_c_pointer"
           Return the C pointer to the underlying "guestfs_h *".  This allows interworking of
           libguestfs bindings with bindings from other libraries.  For further information see
           https://bugzilla.redhat.com/1075164

       "guestfs_copy_in"
       "guestfs_copy_out"
           Flexible APIs for recursively copying directories of files between the host and guest
           filesystem.  Previously these were available only as guestfish commands, but now any
           API users can call them (Pino Toscano).

       "guestfs_part_get_gpt_guid"
       "guestfs_part_set_gpt_guid"
           Get and set the GPT per-partition GUID.

       "guestfs_part_get_mbr_part_type"
           Get MBR partition type (Chen Hanxiao).

       "guestfs_set_uuid_random"
           Set the UUID of a filesystem to a randomly generated value; supported filesystems
           currently are ext2/3/4, XFS, Btrfs, and swap partitions.  (Chen Hanxiao).

       Other API changes

       "guestfs_disk_create" can now use VMDK files as backing files.

       "guestfs_btrfs_subvolume_snapshot" takes extra optional parameters (all added by Hu Tao):

       "ro"
           for creating a read-only Btrfs snapshot

       "qgroupid"
           for adding the snapshot to a qgroup

       "guestfs_btrfs_subvolume_create" can also take the optional "qgroupid" parameter (Hu Tao).

       "guestfs_set_uuid" can set UUID of swap partitions, Btrfs (Hu Tao, Chen Hanxiao).

       "guestfs_copy_device_to_file" and "guestfs_copy_file_to_file" have a new optional "append"
       parameter, allowing you to append to the output file instead of truncating it.

       "guestfs_mkfs" has a new optional "label" parameter to set the initial label of the new
       filesystem (Pino Toscano).

       "guestfs_set_label" and "guestfs_set_uuid" now set "ENOTSUP" as errno when there is no
       implemented support for the filesystem of the specified mountable (Chen Hanxiao).

       Environment variables now let you write "LIBGUESTFS_DEBUG=true", "LIBGUESTFS_DEBUG=0" and
       so on.

       All "guestfs_sfdisk*" APIs have been deprecated.  Because sfdisk(8) was rewritten,
       incompatibly, upstream, we don't recommend using these APIs in future code.  Use the
       "guestfs_part*" APIs as replacements.

       APIs such as "guestfs_download" do not truncate /dev/stdout or /dev/stderr when writing to
       them, meaning that if you redirect stdout or stderr to a file, the file is no longer
       truncated.

   Build changes
       The daemon no longer uses its own separate copy of gnulib.  Instead it shares a single
       copy with the library.

       OCaml .annot files are now created, so IDEs and editors like emacs and vi can browse OCaml
       types in the source code.

       Various fixes to allow different host/appliance architecture builds (Pino Toscano).

       Automake is now used directly to build all the OCaml programs, instead of ad hoc Makefile
       rules.  One side effect of this is to enable warnings in all the C code used by OCaml
       programs.

       "-fno-strict-overflow" is used throughout the build to avoid dubious GCC optimizations.

       Multiple cleanups to support GCC 5.

       OCaml OUnit2 is needed to run some OCaml tests.

       Creating a statically linked libguestfs.a should work again.

       The src/api-support subdirectory and its scripts are no longer used.  Instead we store in
       the generator/actions.ml when the API was added to libguestfs.

   Internationalization
       The translation service has changed from Transifex to Zanata.

       Many more translations are available now, for both library and tools messages and
       documentation.

   Internals
       In all OCaml tools, there are now common "error", "warning", "info" functions, and common
       way to set and get the --quiet, -x (trace) and -v (verbose) flags, and colour highlighting
       used consistently.

       "COMPILE_REGEXP" macros are used to simplify PCRE constructors and destructors.

       In the generator, "Pointer" arguments have finally been implemented.

       Internal identifiers no longer use double and triple underscores (eg.
       "guestfs___program_name").  These identifiers are invalid for C99 and C++ programs,
       although compilers would accept them.

       The daemon no longer parses "guestfs_*" options from /proc/cmdline.  Instead it only takes
       ordinary command line options.  The appliance init script turns /proc/cmdline into daemon
       command line options.

       The tests can now run the daemon as a "captive process", allowing it to be run directly on
       the host.  The main advantage of this is we can run valgrind directly on the daemon during
       testing.

   Bugs fixed
       https://bugzilla.redhat.com/1239053
           virt-v2v error reporting when grub.conf cannot be parsed by Augeas

       https://bugzilla.redhat.com/1238053
           v2v:Duplicate disk target set when convert guest with cdrom attached

       https://bugzilla.redhat.com/1237869
           Virtio drivers are not installed for windows 2008 guests by virt-v2v

       https://bugzilla.redhat.com/1234351
           virt-v2v Support for Fedora virtio-win drivers

       https://bugzilla.redhat.com/1232192
           Virt-v2v gives an error on a blank disk: part_get_parttype: unknown signature, of the
           output: BYT;

       https://bugzilla.redhat.com/1229385
           virt-p2v in kernel command line mode should power off the machine after conversion

       https://bugzilla.redhat.com/1229340
           virt-p2v no GUI mode appends \n to the final command line parameter

       https://bugzilla.redhat.com/1229305
           virt-sysprep at cleanup deletes /var/spool/at/.SEQ which results in failing at

       https://bugzilla.redhat.com/1226794
           "Doing conversion……" still shows after cancel the conversion from virt-p2v client

       https://bugzilla.redhat.com/1215042
           Memory leak in virNetSocketNewConnectUNIX

       https://bugzilla.redhat.com/1213324
           virt-v2v: warning: unknown guest operating system: windows windows 6.3 when converting
           win8,win8.1,win2012,win2012R2 to rhev

       https://bugzilla.redhat.com/1213247
           virt tools should print the same format of version string

       https://bugzilla.redhat.com/1212808
           RFE: virt-builder --touch

       https://bugzilla.redhat.com/1212807
           virt-builder --selinux-relabel flag fails on cross-architecture builds

       https://bugzilla.redhat.com/1212680
           RFE: virt-inspector xpath query should output a neat format of the query element

       https://bugzilla.redhat.com/1212152
           virt-builder firstboot-command fails: File name too long

       https://bugzilla.redhat.com/1211996
           virt-inspector gives incorrect arch (ppc64) for ppc64le guest

       https://bugzilla.redhat.com/1203817
           RFE: virt-customize --move and --copy

       https://bugzilla.redhat.com/1201526
           index-parser can't parse systemd mount files properly

       https://bugzilla.redhat.com/1196101
           virt-builder --upload option doesn't work to a FAT partition

       https://bugzilla.redhat.com/1196100
           virt-builder -x option on its own does not enable tracing

       https://bugzilla.redhat.com/1195204
           `virt-builder` should create $HOME/.cache directory if it already doesn't exist

       https://bugzilla.redhat.com/1193237
           Virt-builder fingerprint is required even when no check desired

       https://bugzilla.redhat.com/1189284
           virt-resize should preserve GPT partition UUIDs, else EFI guests become unbootable

       https://bugzilla.redhat.com/1188866
           Performance regression in virt-builder when uncompressing image

       https://bugzilla.redhat.com/1186800
           virt-v2v should support gzip format ova as input

       https://bugzilla.redhat.com/1185561
           virt-sparsify should ignore read-only LVs

       https://bugzilla.redhat.com/1182463
           "mknod-b", "mknod-c", and "mkfifo" do not strip non-permissions bits from "mode"

       https://bugzilla.redhat.com/1176493
           virt-v2v ignores sound device when convert xen guest to local kvm

       https://bugzilla.redhat.com/1175676
           Typo error in 'help ping-daemon'

       https://bugzilla.redhat.com/1175196
           "parse-environment" and "parse-environment-list" fail to parse "LIBGUESTFS_TRACE = 0"

       https://bugzilla.redhat.com/1175035
           "is-blockdev"/"is-blockdev-opts" fail to detect "/dev/sda"

       https://bugzilla.redhat.com/1174280
           RFE: Allow v2v conversion of Oracle Linux 5.8 VMware VM

       https://bugzilla.redhat.com/1174200
           New virt-v2v failure: CURL: Error opening file: NSS: client certificate not found
           (nickname not specified): Invalid argument

       https://bugzilla.redhat.com/1174123
           Graphics password disappear after conversion of virt-v2v

       https://bugzilla.redhat.com/1174073
           The listen address for vnc is changed after conversion by virt-v2v

       https://bugzilla.redhat.com/1171666
           inspection thinks EFI partition is a separate operating system

       https://bugzilla.redhat.com/1171130
           virt-v2v conversion of RHEL 3 guest fails with: All of your loopback devices are in
           use

       https://bugzilla.redhat.com/1170685
           Conversion of RHEL 4 guest fails: rpm -ql 1:kernel-utils-2.4-23.el4: virt-v2v: error:
           libguestfs error: command_lines:

       https://bugzilla.redhat.com/1170073
           virt-v2v picks debug kernels over non-debug kernels when versions are equal

       https://bugzilla.redhat.com/1169045
           virt-sparsify: libguestfs error: qemu-img info: 'virtual-size' is not representable as
           a 64 bit integer

       https://bugzilla.redhat.com/1169015
           virt-resize --expand fails on ubuntu-14.04.img image (regression)

       https://bugzilla.redhat.com/1168144
           warning: fstrim: fstrim: /sysroot/: FITRIM ioctl failed: Operation not supported
           (ignored) when convert win2003 guest from xen server

       https://bugzilla.redhat.com/1167921
           p2v: No Network Connection dialog

       https://bugzilla.redhat.com/1167774
           virt-p2v fails with error:"nbd.c:nbd_receive_negotiate():L501: read failed"

       https://bugzilla.redhat.com/1167623
           Remove "If reporting bugs, run virt-v2v with debugging enabled .." message when
           running virt-p2v

       https://bugzilla.redhat.com/1167601
           "Conversion was successful" pop out even virt-p2v fails

       https://bugzilla.redhat.com/1167302
           virt-v2v: warning: ova hard disk has no parent controller when convert from a ova file

       https://bugzilla.redhat.com/1166618
           virt-resize should give out the detail warning info to let customers know what's going
           wrong

       https://bugzilla.redhat.com/1165975
           File "/boot/grub2/device.map" showing is not right after converting a rhel7 guest from
           esx server

       https://bugzilla.redhat.com/1165785
           mount-loop command fails: mount failed: Unknown error -1

       https://bugzilla.redhat.com/1165569
           Disable "cancel conversion" button after virt-p2v conversion finished

       https://bugzilla.redhat.com/1165564
           Provide Reboot/Shutdown button after virt-p2v

       https://bugzilla.redhat.com/1164853
           Booting in qemu found no volume groups and failed checking the filesystems

       https://bugzilla.redhat.com/1164732
           The description of 'help append' is not accurately, it add the kernel options to
           libguestfs appliance not the guest kernel

       https://bugzilla.redhat.com/1164697
           typo errors in man pages

       https://bugzilla.redhat.com/1164619
           Inspect-get-icon failed on RHEL7 guest

       https://bugzilla.redhat.com/1162966
           xfs should also give a warning out to let customer know the limitation

       https://bugzilla.redhat.com/1161575
           Failed to import guest with "rtl8139" nic  to openstack server after converted by v2v

       https://bugzilla.redhat.com/1159651
           virt-sysprep firstboot script is not deleted if it reboot a RHEL 7 guest

       https://bugzilla.redhat.com/1159258
           esx win2008 32 bit guest fail to load after conversion because the firmware isn't ACPI
           compatible

       https://bugzilla.redhat.com/1159016
           libvirt backend does not set RBD password

       https://bugzilla.redhat.com/1158526
           Use password file instead of process interaction

       https://bugzilla.redhat.com/1157679
           virt-p2v-make-disk should add firmwares

       https://bugzilla.redhat.com/1156449
           libguestfs FTBFS on f21 ppc64le

       https://bugzilla.redhat.com/1156301
           virt-inspector support adding a remote disk, but in its man page -a URI / --add URI is
           missing

       https://bugzilla.redhat.com/1155121
           Virt-v2v will fail when using relative path for -i ova

       https://bugzilla.redhat.com/1153844
           Redundancy whitespace at the end of directory name when use <TAB> to complete the
           directory name in guestfish with a xfs filesystem in guest

       https://bugzilla.redhat.com/1153589
           virt-v2v will hang when converting esx guest before disk copy phase

       https://bugzilla.redhat.com/1152998
           virt-v2v / qemu-img fails on ova image

       https://bugzilla.redhat.com/1151910
           virt-ls should remove '/' in the output when specify the directory name as /etc/

       https://bugzilla.redhat.com/1151900
           Should also add a field for directory files when run virt-ls with --csv option

       https://bugzilla.redhat.com/1151033
           virt-v2v conversions from VMware vCenter server run slowly

       https://bugzilla.redhat.com/1146832
           virt-v2v fail to convert guest with disk type volume

       https://bugzilla.redhat.com/1146007
           Input/output error during conversion of esx guest.

       https://bugzilla.redhat.com/1135585
           [RFE] virt-builder should support copying in a directory/list of files

       https://bugzilla.redhat.com/1089566
           [abrt] livecd-tools: kickstart.py:276:apply:IOError: [Errno 2] No such file or
           directory:
           '/run/media/jones/2tp001data/createlive/temp/imgcreate-_dX8Us/install_root/etc/rpm/macros.imgcreate'

       https://bugzilla.redhat.com/1079625
           virt-sparsify fails if a btrfs filesystem contains readonly snapshots

       https://bugzilla.redhat.com/1075164
           RFE: allow passing in a pre-opened libvirt connection from python

       https://bugzilla.redhat.com/912499
           Security context on image file gets reset

       https://bugzilla.redhat.com/889082
           [RFE] virt-v2v should check whether guest with same name exist on target first then
           transfer the disk

       https://bugzilla.redhat.com/855059
           RFE: virt-p2v: display more information about network devices such as topology,
           bonding, etc.

       https://bugzilla.redhat.com/823758
           p2v client should have largest number restrictions for CPU and Memory settings

       https://bugzilla.redhat.com/709327
           hivex cannot read registry hives from ReactOS

       https://bugzilla.redhat.com/709326
           virt-inspector cannot detect ReactOS

       https://bugzilla.redhat.com/119673
           installation via NFS doesn't seem to work

SEE ALSO

       guestfs-examples(1), guestfs-faq(1), guestfs-performance(1), guestfs-recipes(1),
       guestfs-testing(1), guestfs(3), guestfish(1), http://libguestfs.org/

AUTHOR

       Richard W.M. Jones

       Copyright (C) 2009-2020 Red Hat Inc.

LICENSE

       This program is free software; you can redistribute it and/or modify it under the terms of
       the GNU General Public License as published by the Free Software Foundation; either
       version 2 of the License, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
       See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program;
       if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
       Boston, MA 02110-1301 USA.

BUGS

       To get a list of bugs against libguestfs, use this link:
       https://bugzilla.redhat.com/buglist.cgi?component=libguestfs&product=Virtualization+Tools

       To report a new bug against libguestfs, use this link:
       https://bugzilla.redhat.com/enter_bug.cgi?component=libguestfs&product=Virtualization+Tools

       When reporting a bug, please supply:

       •   The version of libguestfs.

       •   Where you got libguestfs (eg. which Linux distro, compiled from source, etc)

       •   Describe the bug accurately and give a way to reproduce it.

       •   Run libguestfs-test-tool(1) and paste the complete, unedited output into the bug
           report.