[Buildroot] [PATCH 0/3] libvirt and required packages

[Buildroot] [PATCH 0/3] libvirt and required packages

[Carlos Santos]

This series introduces a new package, libvirt, along with some required
changes:

- nmap: add option to build/install ncat

The libvirt daemon (libvirtd) needs a "nc" command with support for Unix
sockets to permit remote management via virt-manager. The netcat-openbsd
package provides such command but requires glibc, so we would not have
remote management on uClibc-based systems. Ncat is compatible with
uClibc and musl.

- netcf: new package

The netcf library library is used by libvirt when udev is not available.

- libvirt: new package

Libvirt is collection of software that provides a convenient way to
manage virtual machines and other virtualization functionality, such as
storage and network interface management. These software pieces include
an API library, a daemon (libvirtd), and a command line utility (virsh).

Carlos Santos (3):
  nmap: add option to build/install ncat
  netcf: new package
  libvirt: new package

 package/Config.in                                  |   2 +
 package/libvirt/Config.in                          |  44 ++++
 package/libvirt/S30devkvmperms                     |  28 +++
 package/libvirt/S90libvirt                         | 139 ++++++++++++
 package/libvirt/device_table.txt                   |  39 ++++
 package/libvirt/libvirt.hash                       |   2 +
 package/libvirt/libvirt.mk                         | 233 +++++++++++++++++++++
 package/netcf/0001-fix-misplaced-empty.patch       |  36 ++++
 ...002-call-aug_load-at-most-once-per-second.patch |  83 ++++++++
 ...g_match-query-for-all-ifcfg-files-related.patch | 113 ++++++++++
 ...ude-bond-element-for-bonds-with-no-slaves.patch |  56 +++++
 ...erly-classify-bond-devices-with-no-slaves.patch |  35 ++++
 ...006-netcf-transaction.sh-remove-bash-isms.patch |  50 +++++
 ...t-script-as-etc-init.d-S30netcf-transacti.patch |  35 ++++
 ...08-configure.ac-fix-AM_INIT_AUTOMAKE-call.patch |  29 +++
 ...LUDES-by-AM_CPPFLAGS-in-some-Makefile.am-.patch |  52 +++++
 package/netcf/Config.in                            |  24 +++
 package/netcf/S30netcf-transaction                 |   9 +
 package/netcf/netcf.hash                           |   2 +
 package/netcf/netcf.mk                             |  22 ++
 package/nmap/Config.in                             |  27 ++-
 package/nmap/nmap.mk                               |  38 +++-
 22 files changed, 1095 insertions(+), 3 deletions(-)
 create mode 100644 package/libvirt/Config.in
 create mode 100755 package/libvirt/S30devkvmperms
 create mode 100644 package/libvirt/S90libvirt
 create mode 100644 package/libvirt/device_table.txt
 create mode 100644 package/libvirt/libvirt.hash
 create mode 100644 package/libvirt/libvirt.mk
 create mode 100644 package/netcf/0001-fix-misplaced-empty.patch
 create mode 100644 package/netcf/0002-call-aug_load-at-most-once-per-second.patch
 create mode 100644 package/netcf/0003-optimize-aug_match-query-for-all-ifcfg-files-related.patch
 create mode 100644 package/netcf/0004-linux-include-bond-element-for-bonds-with-no-slaves.patch
 create mode 100644 package/netcf/0005-Properly-classify-bond-devices-with-no-slaves.patch
 create mode 100644 package/netcf/0006-netcf-transaction.sh-remove-bash-isms.patch
 create mode 100644 package/netcf/0007-Install-init-script-as-etc-init.d-S30netcf-transacti.patch
 create mode 100644 package/netcf/0008-configure.ac-fix-AM_INIT_AUTOMAKE-call.patch
 create mode 100644 package/netcf/0009-Replace-INCLUDES-by-AM_CPPFLAGS-in-some-Makefile.am-.patch
 create mode 100644 package/netcf/Config.in
 create mode 100644 package/netcf/S30netcf-transaction
 create mode 100644 package/netcf/netcf.hash
 create mode 100644 package/netcf/netcf.mk

-- 
2.14.3

[Buildroot] [PATCH 1/3] nmap: add option to build/install ncat

[Carlos Santos]

The forthcoming "libvirt" package will need a "nc" command with support
for Unix domain sockets in order to permit remote management using the
virt-manager utility. netcat-openbsd provides such command but requires
glibc, so we would not have remote management on uClibc-based systems.

Ncat is a much-improved reimplementation of the venerable Netcat and is
compatible with uClibc and musl. It provides features not available in
the ancient GNU netcat and its Busybox double like IPv6, proxies, and
Unix sockets.

Tha nmap package now installs ncat if the BR2_PACKAGE_NMAP_NCAT option
is selected. The other programs (nmap, ndiff, etc.) are chosen via the
BR2_PACKAGE_NMAP_NMAP option.

We symlink 'nc' to ncat if neiter netcat nor netcat-openbsd is selected,
even though ncat does not have the same interface as netcat-openbsd.
However, since Fedora/RHEL install nmap-ncat as 'nc', it can be assumed
that packages that depend on 'nc' know how to deal with this diversity.
For example, the virt-manager package does that. Also user-supplied
scripts can be assumed to do the right thing, since the user also
selects whether nmap-ncat, netcat or netcat-openbsd is installed.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
---
Changes v1->v2:
  - Add dependens on BR2_PACKAGE_BUSYBOX_SHOW_OTHERS, like netcat does
  - Remove forced dependence on busybox, since its installation script
    does not override existing programs.
Changes v2->v3:
  - Use a better logic to select either ncat tools, nmap or both, as
    suggested by Arnout Vandecappelle and Thomas Petazzoni.
  - Add a prominent comment about the symlink to 'nc', as suggested by
    Arnout.
Changes v3->v4:
  - Restore forced dependence on busybox, since it may be necessary if
    packages become built in parallel, leading to a race condition on
    the creation of the "nc" link.
Changes v4->v5
  - Rebase to "next" head.
  - Explain the this change is required by the forthcoming libvirt
    package.
---
 package/nmap/Config.in | 27 ++++++++++++++++++++++++++-
 package/nmap/nmap.mk   | 38 ++++++++++++++++++++++++++++++++++++--
 2 files changed, 62 insertions(+), 3 deletions(-)

diff --git a/package/nmap/Config.in b/package/nmap/Config.in
index 79f587afd1..1843bb6ade 100644
--- a/package/nmap/Config.in
+++ b/package/nmap/Config.in
@@ -4,6 +4,12 @@ config BR2_PACKAGE_NMAP
 	depends on BR2_USE_MMU # fork()
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	select BR2_PACKAGE_LIBPCAP
+	select BR2_PACKAGE_NMAP_NMAP if !BR2_PACKAGE_NMAP_NCAT
+
+if  BR2_PACKAGE_NMAP
+
+config BR2_PACKAGE_NMAP_NMAP
+	bool "install nmap tools"
 	select BR2_PACKAGE_PCRE
 	help
 	  Nmap ("Network Mapper") is a free and open source (license)
@@ -11,6 +17,25 @@ config BR2_PACKAGE_NMAP
 
 	  http://nmap.org
 
-comment "nmap needs a toolchain w/ C++, threads"
+config BR2_PACKAGE_NMAP_NCAT
+	bool "install ncat"
+	depends on BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
+	help
+	  Ncat is a feature-packed networking utility which reads and
+	  writes data across networks from the command line. Ncat was
+	  written for the Nmap Project as a much-improved
+	  reimplementation of the venerable Netcat.
+
+	  If symlink to "nc" is installed if neither netcat or
+	  netcat-openbsd is selected.
+
+comment "a symlink from ncat to 'nc' will be installed"
+	depends on BR2_PACKAGE_NMAP_NCAT
+	depends on !BR2_PACKAGE_NETCAT
+	depends on !BR2_PACKAGE_NETCAT_OPENBSD
+
+endif
+
+comment "nmap-nmap needs a toolchain w/ C++, threads"
 	depends on BR2_USE_MMU
 	depends on !(BR2_INSTALL_LIBSTDCPP && BR2_TOOLCHAIN_HAS_THREADS)
diff --git a/package/nmap/nmap.mk b/package/nmap/nmap.mk
index ceb08ec006..303eaf9a35 100644
--- a/package/nmap/nmap.mk
+++ b/package/nmap/nmap.mk
@@ -7,10 +7,10 @@
 NMAP_VERSION = 7.60
 NMAP_SITE = https://nmap.org/dist
 NMAP_SOURCE = nmap-$(NMAP_VERSION).tar.bz2
-NMAP_DEPENDENCIES = libpcap pcre host-autoconf
+NMAP_DEPENDENCIES = libpcap host-autoconf
 NMAP_CONF_OPTS = --without-liblua --without-zenmap \
 	--with-libdnet=included --with-liblinear=included \
-	--with-libpcre="$(STAGING_DIR)/usr" --without-ncat
+	--with-libpcre="$(STAGING_DIR)/usr"
 NMAP_LICENSE = GPL-2.0
 NMAP_LICENSE_FILES = COPYING
 
@@ -51,6 +51,16 @@ else
 NMAP_CONF_OPTS += --without-openssl
 endif
 
+ifeq ($(BR2_PACKAGE_NMAP_NMAP),y)
+
+# Ensure Busybox gets built/installed before, so that this package
+# overrides Busybox nc.
+ifeq ($(BR2_PACKAGE_BUSYBOX),y)
+NMAP_DEPENDENCIES += busybox
+endif
+
+NMAP_DEPENDENCIES += pcre
+
 # ndiff only works with python2.x
 ifeq ($(BR2_PACKAGE_PYTHON),y)
 NMAP_DEPENDENCIES += python
@@ -58,4 +68,28 @@ else
 NMAP_CONF_OPTS += --without-ndiff
 endif
 
+ifeq ($(BR2_PACKAGE_NMAP_NCAT),)
+NMAP_CONF_OPTS += --without-ncat
+endif
+
+else # only ncat
+
+NMAP_CONF_OPTS += --without-ndiff --without-zenmap --without-nping --without-nmap-update
+define NMAP_BUILD_CMDS
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) build-ncat
+endef
+define NMAP_INSTALL_TARGET_CMDS
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install-ncat
+endef
+
+endif
+
+# Add a symlink to "nc" if none of the competing netcats is selected
+ifeq ($(BR2_PACKAGE_NMAP_NCAT):$(BR2_PACKAGE_NETCAT)$(BR2_PACKAGE_NETCAT_OPENBSD),y:)
+define NMAP_INSTALL_NCAT_SYMLINK
+        ln -fs ncat $(TARGET_DIR)/usr/bin/nc
+endef
+NMAP_POST_INSTALL_TARGET_HOOKS += NMAP_INSTALL_NCAT_SYMLINK
+endif
+
 $(eval $(autotools-package))
-- 
2.14.3

[Buildroot] [PATCH 2/3] netcf: new package

[Carlos Santos]

netcf is a cross-platform network configuration library. It takes the
description of a network interface in its own platform-independent
format and adapts the local system's network configuration to provide
that interface.

Both the ncftool utility and libnetcf are installed. The library is used
by libvirt (forthcoming package) when udev is not available.

netcf was originally hosted at fedorahosted.org, which was retired on
March 1st, 2017, so we take the code fom the Debian snapshot archive.

Five bug fixes were imported from Fedora 26. Four additional patches are
required to clean-up the code and adapt it to the Buildroot directory
hierarchy.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
---
 package/Config.in                                  |   1 +
 package/netcf/0001-fix-misplaced-empty.patch       |  36 +++++++
 ...002-call-aug_load-at-most-once-per-second.patch |  83 +++++++++++++++
 ...g_match-query-for-all-ifcfg-files-related.patch | 113 +++++++++++++++++++++
 ...ude-bond-element-for-bonds-with-no-slaves.patch |  56 ++++++++++
 ...erly-classify-bond-devices-with-no-slaves.patch |  35 +++++++
 ...006-netcf-transaction.sh-remove-bash-isms.patch |  50 +++++++++
 ...t-script-as-etc-init.d-S30netcf-transacti.patch |  35 +++++++
 ...08-configure.ac-fix-AM_INIT_AUTOMAKE-call.patch |  29 ++++++
 ...LUDES-by-AM_CPPFLAGS-in-some-Makefile.am-.patch |  52 ++++++++++
 package/netcf/Config.in                            |  24 +++++
 package/netcf/S30netcf-transaction                 |   9 ++
 package/netcf/netcf.hash                           |   2 +
 package/netcf/netcf.mk                             |  22 ++++
 14 files changed, 547 insertions(+)
 create mode 100644 package/netcf/0001-fix-misplaced-empty.patch
 create mode 100644 package/netcf/0002-call-aug_load-at-most-once-per-second.patch
 create mode 100644 package/netcf/0003-optimize-aug_match-query-for-all-ifcfg-files-related.patch
 create mode 100644 package/netcf/0004-linux-include-bond-element-for-bonds-with-no-slaves.patch
 create mode 100644 package/netcf/0005-Properly-classify-bond-devices-with-no-slaves.patch
 create mode 100644 package/netcf/0006-netcf-transaction.sh-remove-bash-isms.patch
 create mode 100644 package/netcf/0007-Install-init-script-as-etc-init.d-S30netcf-transacti.patch
 create mode 100644 package/netcf/0008-configure.ac-fix-AM_INIT_AUTOMAKE-call.patch
 create mode 100644 package/netcf/0009-Replace-INCLUDES-by-AM_CPPFLAGS-in-some-Makefile.am-.patch
 create mode 100644 package/netcf/Config.in
 create mode 100644 package/netcf/S30netcf-transaction
 create mode 100644 package/netcf/netcf.hash
 create mode 100644 package/netcf/netcf.mk

diff --git a/package/Config.in b/package/Config.in
index 86acab6427..cdfb90151a 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1710,6 +1710,7 @@ menu "Networking applications"
 	source "package/nbd/Config.in"
 	source "package/ncftp/Config.in"
 	source "package/ndisc6/Config.in"
+	source "package/netcf/Config.in"
 	source "package/netatalk/Config.in"
 	source "package/netcat/Config.in"
 	source "package/netcat-openbsd/Config.in"
diff --git a/package/netcf/0001-fix-misplaced-empty.patch b/package/netcf/0001-fix-misplaced-empty.patch
new file mode 100644
index 0000000000..74a3a63d7a
--- /dev/null
+++ b/package/netcf/0001-fix-misplaced-empty.patch
@@ -0,0 +1,36 @@
+From 8e00e9c0ba6b66035defc94470ac863f04eba4b5 Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@laine.org>
+Date: Thu, 21 May 2015 11:40:53 -0400
+Subject: [PATCH 1/9] fix misplaced <empty/>
+
+When transcribing the link-speed-state bits from libvirt's
+interface.rng to netcf's, I accidentally added an "<empty/>" in the
+wrong place. It should have gone inside the definition of the <link>
+element, rather than just after <link> in the <interface> element.
+---
+ data/xml/interface.rng | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/data/xml/interface.rng b/data/xml/interface.rng
+index 8d70e8b..9098cc9 100644
+--- a/data/xml/interface.rng
++++ b/data/xml/interface.rng
+@@ -41,7 +41,6 @@
+         </element>
+       </optional>
+       <ref name="link-speed-state"/>
+-      <empty/>
+       <!-- FIXME: Allow (some) ethtool options -->
+     </interleave>
+   </define>
+@@ -489,6 +488,7 @@
+         <optional>
+           <attribute name="state"><ref name="link-state"/></attribute>
+         </optional>
++        <empty/>
+       </element>
+     </optional>
+   </define>
+-- 
+2.13.6
+
diff --git a/package/netcf/0002-call-aug_load-at-most-once-per-second.patch b/package/netcf/0002-call-aug_load-at-most-once-per-second.patch
new file mode 100644
index 0000000000..c4f3a308df
--- /dev/null
+++ b/package/netcf/0002-call-aug_load-at-most-once-per-second.patch
@@ -0,0 +1,83 @@
+From 9b5f4eb57af28a604cd7ac8b2c1be9e49f0b517d Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@laine.org>
+Date: Mon, 28 Sep 2015 17:11:11 -0400
+Subject: [PATCH 2/9] call aug_load() at most once per second
+
+Previously, netcf would call aug_load() at the start of each public
+API call, and rely on augeas quickly determining if the files needed
+to be reread based on checking the mtime of all files. With a large
+number of files (i.e. several hundred ifcfg files) just checking the
+mtime of all files ends up taking quite a long time; enough to turn a
+simple "virsh iface-list" of 300 bridges + 300 vlans into a 22 second
+ordeal.
+
+With this patch applied, netcf will only call aug_load() at most once
+every second, resulting in runtime for virsh iface-list going down to
+< 1 second.
+
+The trade-off is that the results of a netcf API call could be up to 1
+second out of date (but only due to changes in the config external to
+netcf). Since ifcfg files change very infrequently, this is likely
+acceptable.
+---
+ src/dutil_linux.c | 8 +++++++-
+ src/dutil_linux.h | 1 +
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/dutil_linux.c b/src/dutil_linux.c
+index 0850593..24f4d95 100644
+--- a/src/dutil_linux.c
++++ b/src/dutil_linux.c
+@@ -32,6 +32,7 @@
+ #include <unistd.h>
+ #include <ctype.h>
+ #include <errno.h>
++#include <time.h>
+ 
+ #include <dirent.h>
+ #include <sys/wait.h>
+@@ -151,6 +152,7 @@ int remove_augeas_xfm_table(struct netcf *ncf,
+  */
+ augeas *get_augeas(struct netcf *ncf) {
+     int r;
++    time_t current_time;
+ 
+     if (ncf->driver->augeas == NULL) {
+         augeas *aug;
+@@ -186,9 +188,12 @@ augeas *get_augeas(struct netcf *ncf) {
+         }
+         ncf->driver->copy_augeas_xfm = 0;
+         ncf->driver->load_augeas = 1;
++        ncf->driver->load_augeas_time = 0;
+     }
+ 
+-    if (ncf->driver->load_augeas) {
++    current_time = time(NULL);
++    if (ncf->driver->load_augeas &&
++        ncf->driver->load_augeas_time != current_time) {
+         augeas *aug = ncf->driver->augeas;
+ 
+         r = aug_load(aug);
+@@ -207,6 +212,7 @@ augeas *get_augeas(struct netcf *ncf) {
+         }
+         ERR_THROW(r > 0, ncf, EOTHER, "errors in loading some config files");
+         ncf->driver->load_augeas = 0;
++        ncf->driver->load_augeas_time = current_time;
+     }
+     return ncf->driver->augeas;
+  error:
+diff --git a/src/dutil_linux.h b/src/dutil_linux.h
+index a06a15c..75ac631 100644
+--- a/src/dutil_linux.h
++++ b/src/dutil_linux.h
+@@ -41,6 +41,7 @@ struct driver {
+     struct nl_sock     *nl_sock;
+     struct nl_cache   *link_cache;
+     struct nl_cache   *addr_cache;
++    time_t             load_augeas_time;
+     unsigned int       load_augeas : 1;
+     unsigned int       copy_augeas_xfm : 1;
+     unsigned int       augeas_xfm_num_tables;
+-- 
+2.13.6
+
diff --git a/package/netcf/0003-optimize-aug_match-query-for-all-ifcfg-files-related.patch b/package/netcf/0003-optimize-aug_match-query-for-all-ifcfg-files-related.patch
new file mode 100644
index 0000000000..2d4003e450
--- /dev/null
+++ b/package/netcf/0003-optimize-aug_match-query-for-all-ifcfg-files-related.patch
@@ -0,0 +1,113 @@
+From 396e4e0698d9fb542f2eb8b32790a069e1c0df61 Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@laine.org>
+Date: Wed, 7 Oct 2015 13:49:45 -0400
+Subject: [PATCH 3/9] optimize aug_match() query for all ifcfg files related to
+ an interface
+
+This resolves:
+
+ https://bugzilla.redhat.com/show_bug.cgi?id=1269613
+
+The original augeas search term used by netcf to find, for example, all the
+ifcfg files associated with device "br1" was:
+
+     "/files/etc/sysconfig/network-scripts/*[ "
+     "DEVICE = 'br1' or BRIDGE = 'br1' or MASTER = 'br1' or MASTER = "
+     "../*[BRIDGE = 'br1']/DEVICE ]/DEVICE"
+
+This is *extremely* inefficient - on a test host with 514 host
+bridges, each with an attached vlan interface, a dumpxml of all
+toplevel interfaces took 6m40s (*after* installing an augeas that
+included augeas upstream commits a659f09a, 41e989ca, and 23d5e480
+which were all pushed after the augeas-1.4.0 release).
+
+In these two messages:
+
+ https://www.redhat.com/archives/augeas-devel/2015-October/msg00003.html
+ https://www.redhat.com/archives/augeas-devel/2015-October/msg00004.html
+
+David Lutterkort suggested changing the search term to:
+
+  "(/files/etc/sysconfig/network-scripts/*[(DEVICE|BRIDGE|MASTER) = 'br1']"
+  "|/files/etc/sysconfig/network-scripts/*[MASTER]"
+  "[MASTER = ../*[BRIDGE = 'br1']/DEVICE ])/DEVICE
+
+That's what this patch does. Testing shows that it is functionally
+equivalent, and reduces the dumpxml time in the previously described
+test from 6m40s down to 17 seconds.
+---
+ src/drv_redhat.c | 44 ++++++++++++++++++++++++++++++++++----------
+ 1 file changed, 34 insertions(+), 10 deletions(-)
+
+diff --git a/src/drv_redhat.c b/src/drv_redhat.c
+index 4935f98..092ef5c 100644
+--- a/src/drv_redhat.c
++++ b/src/drv_redhat.c
+@@ -88,6 +88,38 @@ static const struct augeas_xfm_table augeas_xfm_common =
+     { .size = ARRAY_CARDINALITY(augeas_xfm_common_pv),
+       .pv = augeas_xfm_common_pv };
+ 
++/* aug_all_related_ifcfgs() - return the count of (and optionally a list
++ * of, if matches != NULL) the paths for all ifcfg files that are
++ * related to the interface "name".
++ */
++static
++int aug_all_related_ifcfgs(struct netcf *ncf, char ***matches, const char *name) {
++    int nmatches;
++
++    /* this includes the ifcfg files for:
++     *
++     * 1) the named interface itself (DEVICE=$name)
++     *
++     * 2) any interface naming $name as a bridge it is attached to
++     *    (BRIDGE=$name)
++     *
++     * 3) any interface naming $name as the master of a bond it is
++     *    enslaved to (MASTER=$name)
++     *
++     * 4) any interface with a MASTER, where the device named as
++     *    MASTER contains a BRIDGE=$name *and* DEVICE=$itself (thus
++     *    catching ethernet devices that are enslaved to a bond that
++     *    is attached to a bridge).
++     */
++    nmatches = aug_fmt_match(ncf, matches,
++                             "(%s[(DEVICE|BRIDGE|MASTER) = '%s']"
++                             "|%s[MASTER][MASTER = ../*[BRIDGE = '%s']/DEVICE "
++                             "])/DEVICE",
++                             ifcfg_path, name, ifcfg_path, name);
++    return nmatches;
++
++}
++
+ /* Entries in a ifcfg file that tell us that the interface
+  * is not a toplevel interface
+  */
+@@ -108,12 +140,7 @@ static int is_slave(struct netcf *ncf, const char *intf) {
+ static bool has_ifcfg_file(struct netcf *ncf, const char *name) {
+     int nmatches;
+ 
+-    nmatches = aug_fmt_match(ncf, NULL,
+-                             "%s[ DEVICE = '%s'"
+-                             "    or BRIDGE = '%s'"
+-                             "    or MASTER = '%s'"
+-                             "    or MASTER = ../*[BRIDGE = '%s']/DEVICE ]/DEVICE",
+-                             ifcfg_path, name, name, name, name);
++    nmatches = aug_all_related_ifcfgs(ncf, NULL, name);
+     return nmatches > 0;
+ }
+ 
+@@ -588,10 +615,7 @@ static xmlDocPtr aug_get_xml_for_nif(struct netcf_if *nif) {
+     int ndevs = 0, nint = 0;
+ 
+     ncf = nif->ncf;
+-    ndevs = aug_fmt_match(ncf, &devs,
+-              "%s[ DEVICE = '%s' or BRIDGE = '%s' or MASTER = '%s'"
+-              "    or MASTER = ../*[BRIDGE = '%s']/DEVICE ]/DEVICE",
+-              ifcfg_path, nif->name, nif->name, nif->name, nif->name);
++    ndevs = aug_all_related_ifcfgs(ncf, &devs, nif->name);
+     ERR_BAIL(ncf);
+ 
+     nint = uniq_ifcfg_paths(ncf, ndevs, devs, &intf);
+-- 
+2.13.6
+
diff --git a/package/netcf/0004-linux-include-bond-element-for-bonds-with-no-slaves.patch b/package/netcf/0004-linux-include-bond-element-for-bonds-with-no-slaves.patch
new file mode 100644
index 0000000000..e552cff70b
--- /dev/null
+++ b/package/netcf/0004-linux-include-bond-element-for-bonds-with-no-slaves.patch
@@ -0,0 +1,56 @@
+From cfe1eb87f7f152ab5d6456ef8ecd7aab38d376fa Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Wed, 27 May 2015 19:30:25 +0200
+Subject: [PATCH 4/9] linux: include <bond> element for bonds with no slaves
+
+The missing element makes libvirt sad:
+
+  $ ncftool dumpxml --live nm-bond
+  <?xml version="1.0"?>
+  <interface name="nm-bond" type="bond">
+    <link state="unknown" speed="0"/>
+    <protocol family="ipv4">
+      <ip address="1.2.3.4" prefix="8"/>
+    </protocol>
+  </interface>
+
+  $ virsh iface-dumpxml nm-bond
+  error: XML error: bond interface misses the bond element
+
+This is analogous what was done in d32a464c (Always add <bridge> element to
+bridge if, even if no physdev is attached) for bridges.
+---
+ src/dutil_linux.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/dutil_linux.c b/src/dutil_linux.c
+index 24f4d95..022eed0 100644
+--- a/src/dutil_linux.c
++++ b/src/dutil_linux.c
+@@ -1055,9 +1055,6 @@ static void add_bond_info_cb(struct nl_object *obj,
+         || rtnl_link_get_master(iflink) != cb_data->master_ifindex)
+         return;
+ 
+-    cb_data->bond = xml_node(cb_data->doc, cb_data->root, "bond");
+-    ERR_NOMEM(cb_data->bond == NULL, ncf);
+-
+     /* XXX - if we learn where to get bridge "mode" property, set it here */
+ 
+     /* XXX - need to add node like one of these:
+@@ -1089,7 +1086,13 @@ static void add_bond_info(struct netcf *ncf,
+     if (ifindex == RTNL_LINK_NOT_FOUND)
+         return;
+ 
++    cb_data.bond = xml_node(doc, root, "bond");
++    ERR_NOMEM(cb_data.bond == NULL, ncf);
++
+     nl_cache_foreach(ncf->driver->link_cache, add_bond_info_cb, &cb_data);
++
++error:
++    return;
+ }
+ 
+ 
+-- 
+2.13.6
+
diff --git a/package/netcf/0005-Properly-classify-bond-devices-with-no-slaves.patch b/package/netcf/0005-Properly-classify-bond-devices-with-no-slaves.patch
new file mode 100644
index 0000000000..f255669dab
--- /dev/null
+++ b/package/netcf/0005-Properly-classify-bond-devices-with-no-slaves.patch
@@ -0,0 +1,35 @@
+From f3ec5157c7fc97e31c7b48e3a56da268de7e4216 Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@laine.org>
+Date: Tue, 13 Oct 2015 14:42:35 -0400
+Subject: [PATCH 5/9] Properly classify bond devices with no slaves
+
+Although initscripts only considers an interface to be a bond if it
+has slaves, there are times when setting up a bond, or testing, when a
+bond may not have any slaves (yet) but does have a BONDING_OPTS
+attribute. Previously in those situations netcf would identify the
+interface as a plain ethernet. This patch makes the check more
+inclusive - now any interface with slaves *or* with a BONDING_OPTS
+attribute is considered to be a bond.
+
+This patch was inspired by an earlier patch sent by Lubomir Rintel
+which looked for BONDING_OPTS *instead of* looking for slaves.
+---
+ data/xml/redhat-put.xsl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/data/xml/redhat-put.xsl b/data/xml/redhat-put.xsl
+index ed56c66..89145e5 100644
+--- a/data/xml/redhat-put.xsl
++++ b/data/xml/redhat-put.xsl
+@@ -135,7 +135,7 @@
+   </xsl:template>
+ 
+   <xsl:template name="bond-interface"
+-                match="tree[node[@label = 'DEVICE'][@value = //tree/node[@label = 'MASTER']/@value]][count(node[@label = 'BRIDGE']) = 0]">
++                match="tree[count(node[@label = 'BONDING_OPTS']) or (node[@label = 'DEVICE'][@value = //tree/node[@label = 'MASTER']/@value])][count(node[@label = 'BRIDGE']) = 0]">
+     <interface type="bond">
+       <xsl:call-template name="name-attr"/>
+       <xsl:call-template name="startmode"/>
+-- 
+2.13.6
+
diff --git a/package/netcf/0006-netcf-transaction.sh-remove-bash-isms.patch b/package/netcf/0006-netcf-transaction.sh-remove-bash-isms.patch
new file mode 100644
index 0000000000..c25cc779af
--- /dev/null
+++ b/package/netcf/0006-netcf-transaction.sh-remove-bash-isms.patch
@@ -0,0 +1,50 @@
+From 91cdbd05a82be014f43d549ddcf5a67471a5f029 Mon Sep 17 00:00:00 2001
+From: Carlos Santos <casantos@datacom.ind.br>
+Date: Sun, 8 Oct 2017 09:36:42 -0300
+Subject: [PATCH 6/9] netcf-transaction.sh: remove bash-isms
+
+echo $"..." -> echo "..."
+echo -n $"...$a $b" -> printf "... %s %s" "$a" "$b"
+
+Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
+---
+ src/netcf-transaction.sh.in | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/netcf-transaction.sh.in b/src/netcf-transaction.sh.in
+index c9aafdf..f668d40 100644
+--- a/src/netcf-transaction.sh.in
++++ b/src/netcf-transaction.sh.in
+@@ -197,7 +197,7 @@ change_rollback ()
+ # usage [val]
+ # Display usage string, then exit with VAL (defaults to 2).
+ usage() {
+-    echo $"Usage: $0 {change-begin|change-commit|change-rollback|snapshot-dir|start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
++    echo "Usage: $0 {change-begin|change-commit|change-rollback|snapshot-dir|start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+     exit ${1-2}
+ }
+ 
+@@ -210,7 +210,7 @@ retval=0
+ case "$1" in
+     # commands required in all Fedora initscripts
+     start|restart|reload|force-reload|condrestart|try-restart)
+-        echo -n $"Running $prog $1: "
++        printf "Running %s %s: " "$0" "$1"
+         change_rollback
+         # ignore the "no pending transaction" error
+         test "$retval" != "$EINVALID_IN_THIS_STATE" && retval=$?
+@@ -219,9 +219,9 @@ case "$1" in
+     stop|status)
+         if test -d "$snapshotdir"
+         then
+-            echo $"There is an open transaction"
++            echo "There is an open transaction"
+         else
+-            echo $"No open transaction"
++            echo "No open transaction"
+         fi
+         ;;
+ 
+-- 
+2.13.6
+
diff --git a/package/netcf/0007-Install-init-script-as-etc-init.d-S30netcf-transacti.patch b/package/netcf/0007-Install-init-script-as-etc-init.d-S30netcf-transacti.patch
new file mode 100644
index 0000000000..5e3c553958
--- /dev/null
+++ b/package/netcf/0007-Install-init-script-as-etc-init.d-S30netcf-transacti.patch
@@ -0,0 +1,35 @@
+From e7aa162d0a14684dafa5d8316c34d19ba01ed503 Mon Sep 17 00:00:00 2001
+From: Carlos Santos <casantos@datacom.ind.br>
+Date: Sun, 8 Oct 2017 09:43:08 -0300
+Subject: [PATCH 7/9] Install init script as /etc/init.d/S30netcf-transaction
+
+This is for Buildroot, only.
+
+Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
+---
+ src/Makefile.am | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 2f76614..ce04b43 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -138,12 +138,12 @@ BUILT_SOURCES += netcf-transaction.sh
+ 
+ if NETCF_USE_INITSCRIPTS
+ install-sysinit: netcf-transaction.init
+-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
++	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/init.d
+ 	$(INSTALL_SCRIPT) netcf-transaction.init \
+-	  $(DESTDIR)$(sysconfdir)/rc.d/init.d/netcf-transaction
++	  $(DESTDIR)$(sysconfdir)/init.d/S30netcf-transaction
+ 
+ uninstall-sysinit:
+-	rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/netcf-transaction \
++	rm -f $(DESTDIR)$(sysconfdir)/init.d/S30netcf-transaction \
+ 	  $(DESTDIR)$(sysconfdir)/sysconfig/netcf-transaction
+ 
+ netcf-transaction.init: netcf-transaction.init.in \
+-- 
+2.13.6
+
diff --git a/package/netcf/0008-configure.ac-fix-AM_INIT_AUTOMAKE-call.patch b/package/netcf/0008-configure.ac-fix-AM_INIT_AUTOMAKE-call.patch
new file mode 100644
index 0000000000..4331d84b55
--- /dev/null
+++ b/package/netcf/0008-configure.ac-fix-AM_INIT_AUTOMAKE-call.patch
@@ -0,0 +1,29 @@
+From 6daa25084b553351255e8f3e6b252a446e5f88fc Mon Sep 17 00:00:00 2001
+From: Carlos Santos <casantos@datacom.ind.br>
+Date: Sun, 8 Oct 2017 13:16:41 -0300
+Subject: [PATCH 8/9] configure.ac: fix AM_INIT_AUTOMAKE call
+
+Add the subdir-objects options, since the main Makefile.am references
+files in subdirectories, to silence a warning when autoreconfiguring.
+
+Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 15c47cd..1ca80ef 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -3,7 +3,7 @@ AC_CONFIG_SRCDIR([src/netcf.c])
+ AC_CONFIG_AUX_DIR([build-aux])
+ AC_CONFIG_MACRO_DIR([gnulib/m4])
+ AC_CONFIG_HEADERS([config.h])
+-AM_INIT_AUTOMAKE([-Wno-portability 1.11 color-tests parallel-tests])
++AM_INIT_AUTOMAKE([-Wno-portability 1.11 subdir-objects color-tests parallel-tests])
+ AM_SILENT_RULES([yes]) # make --enable-silent-rules the default.
+ AC_CANONICAL_HOST
+ 
+-- 
+2.13.6
+
diff --git a/package/netcf/0009-Replace-INCLUDES-by-AM_CPPFLAGS-in-some-Makefile.am-.patch b/package/netcf/0009-Replace-INCLUDES-by-AM_CPPFLAGS-in-some-Makefile.am-.patch
new file mode 100644
index 0000000000..c23e7a223c
--- /dev/null
+++ b/package/netcf/0009-Replace-INCLUDES-by-AM_CPPFLAGS-in-some-Makefile.am-.patch
@@ -0,0 +1,52 @@
+From decbcbbea45b4511353dc5ff8cd9465d9cf8d1dd Mon Sep 17 00:00:00 2001
+From: Carlos Santos <casantos@datacom.ind.br>
+Date: Sun, 8 Oct 2017 13:26:54 -0300
+Subject: [PATCH 9/9] Replace INCLUDES by AM_CPPFLAGS in some Makefile.am files
+
+Also, do not redefine AM_CPPFLAGS in gnulib/tests/Makefile.am, since
+this is already done in gnulib.mk (generated file), which Makefile.am
+includes. This silences some warnings when autoreconfiguring.
+
+Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
+---
+ gnulib/lib/Makefile.am   | 2 +-
+ gnulib/tests/Makefile.am | 2 --
+ tests/Makefile.am        | 2 +-
+ 3 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/gnulib/lib/Makefile.am b/gnulib/lib/Makefile.am
+index 4009220..90383ca 100644
+--- a/gnulib/lib/Makefile.am
++++ b/gnulib/lib/Makefile.am
+@@ -13,4 +13,4 @@ CLEANFILES=
+ 
+ include gnulib.mk
+ 
+-INCLUDES = $(GETTEXT_CPPFLAGS)
++AM_CPPFLAGS = $(GETTEXT_CPPFLAGS)
+diff --git a/gnulib/tests/Makefile.am b/gnulib/tests/Makefile.am
+index 3445c6d..59041bb 100644
+--- a/gnulib/tests/Makefile.am
++++ b/gnulib/tests/Makefile.am
+@@ -4,5 +4,3 @@
+ ## See COPYING.LIB for the License of this software
+ 
+ include gnulib.mk
+-
+-INCLUDES = $(GETTEXT_CPPFLAGS)
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 641222d..7635c2e 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -14,7 +14,7 @@ TESTS_ENVIRONMENT = \
+   abs_top_builddir='$(abs_top_builddir)' \
+   abs_top_srcdir='$(abs_top_srcdir)'
+ 
+-INCLUDES = -I$(top_srcdir)/src
++AM_CPPFLAGS = -I$(top_srcdir)/src
+ 
+ TESTS=
+ check_PROGRAMS=
+-- 
+2.13.6
+
diff --git a/package/netcf/Config.in b/package/netcf/Config.in
new file mode 100644
index 0000000000..d38c2dcef0
--- /dev/null
+++ b/package/netcf/Config.in
@@ -0,0 +1,24 @@
+config BR2_PACKAGE_NETCF
+	bool "netcf"
+	depends on !BR2_arc # augeas
+	depends on !BR2_STATIC_LIBS # libnl
+	depends on BR2_TOOLCHAIN_HAS_THREADS # libnl
+	depends on BR2_USE_MMU # fork()
+	depends on BR2_USE_WCHAR # augeas
+	select BR2_PACKAGE_AUGEAS
+	select BR2_PACKAGE_LIBNL
+	select BR2_PACKAGE_LIBXML2
+	select BR2_PACKAGE_LIBXSLT
+	select BR2_PACKAGE_READLINE
+	help
+	  netcf is a cross-platform network configuration library.
+
+	  It takes the description of a network interface in its own
+	  platform-independent format and adapts the local system's
+	  network configuration to provide that interface.
+
+	  Both the ncftool utility and libnetcf are installed.
+
+comment "netcf needs a toolchain w/ wchar"
+	depends on !BR2_arc
+	depends on !BR2_USE_WCHAR
diff --git a/package/netcf/S30netcf-transaction b/package/netcf/S30netcf-transaction
new file mode 100644
index 0000000000..ad67123916
--- /dev/null
+++ b/package/netcf/S30netcf-transaction
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# This script can save the current state of network config, and later
+# revert to that config, or commit the new config (by deleting the
+# snapshot). At boot time, if there are uncommitted changes to the
+# network config, they are reverted (and the discarded changes are
+# archived in /var/lib/netcf/network-rollback-*).
+
+exec /usr/libexec/netcf-transaction.sh "$@"
diff --git a/package/netcf/netcf.hash b/package/netcf/netcf.hash
new file mode 100644
index 0000000000..2ba2a5c204
--- /dev/null
+++ b/package/netcf/netcf.hash
@@ -0,0 +1,2 @@
+# Locally computed:
+sha256 fd81d607795547807150dfdb82bd164ab2569369ab48a30cb6b0d010d17b127c  netcf_0.2.8.orig.tar.gz
diff --git a/package/netcf/netcf.mk b/package/netcf/netcf.mk
new file mode 100644
index 0000000000..bd2bc8715d
--- /dev/null
+++ b/package/netcf/netcf.mk
@@ -0,0 +1,22 @@
+################################################################################
+#
+# netcf
+#
+################################################################################
+
+NETCF_VERSION = 0.2.8
+NETCF_SITE = http://snapshot.debian.org/archive/debian/20171007T103908Z/pool/main/n/netcf
+NETCF_SOURCE = netcf_$(NETCF_VERSION).orig.tar.gz
+NETCF_INSTALL_STAGING = YES
+NETCF_LICENSE = LGPL-2.1+
+NETCF_LICENSE_FILES = COPYING
+NETCF_DEPENDENCIES = augeas libnl libxml2 libxslt readline
+NETCF_INSTALL_STAGING = YES
+
+# 0007-Install-init-script-as-etc-init.d-S30netcf-transacti.patch
+NETCF_AUTORECONF = YES
+
+NETCF_CONF_OPTS = \
+	--with-sysinit=$(if $(BR2_INIT_SYSTEMD),systemd,$(if $(BR2_INIT_NONE),none,initscripts))
+
+$(eval $(autotools-package))
-- 
2.14.3

[Buildroot] [PATCH 3/3] libvirt: new package

[Carlos Santos]

Libvirt is collection of software that provides a convenient way to
manage virtual machines and other virtualization functionality, such as
storage and network interface management. These software pieces include
an API library, a daemon (libvirtd), and a command line utility (virsh).

http://libvirt.org/

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
---
History:
v1: primitive package, for experimental purposes only
v1->v2:
  - Clarify dependence on !BR2_TOOLCHAIN_USES_MUSL
  - Add run-time dependence dnsmask
  - Add dependence on eudev and libpciaccess when eudev is selected
    (thus detected by configure).
v2->v3:
  - Condition the use of libtirpc to !BR2_TOOLCHAIN_HAS_NATIVE_RPC
  - Check for BR2_PACKAGE_HAS_UDEV instead of BR2_PACKAGE_EUDEV
v3->v4:
  - Fix version history :-).
  - Add optional dependency on several packages (e.g. attr, libpcap),
    depending on wether they are selected or not, and explicitly disable
    features whose required packages are not selected. This is very
    important to prevent selection of features based on leaks from the
    host environment (e.g. finding /usr/bin/numad on the host machine).
  - Enable the "interface" driver if either udev or netcf is available.
  - Disable pm-utils support, since there is no package for Buildroot.
  - Use either openssl or gnutls, if available.
  - Run qemu as user "qemu", group "kvm", not as root.
  - Add a LIBVIRT_USERS variable to create user "qemu" an group "kvm".
  - Add a device table file to set the ownership and permissions of the
    libvirt directories under /etc, /run and /var.
  - If udev is not available, add an init script to set the ownership
    and permissions of /dev/kvm to root:kvm and 0660; otherwise create a
    corresponding /etc/udev/rules.d/90-kvm.rules file.
  - Enable support for systemd, if applicable; otherwise install an init
    script to start/stop/restart libvirtd.
  - Ensure that a modern netcat is available.
---
 package/Config.in                |   1 +
 package/libvirt/Config.in        |  44 ++++++++
 package/libvirt/S30devkvmperms   |  28 +++++
 package/libvirt/S90libvirt       | 139 +++++++++++++++++++++++
 package/libvirt/device_table.txt |  39 +++++++
 package/libvirt/libvirt.hash     |   2 +
 package/libvirt/libvirt.mk       | 233 +++++++++++++++++++++++++++++++++++++++
 7 files changed, 486 insertions(+)
 create mode 100644 package/libvirt/Config.in
 create mode 100755 package/libvirt/S30devkvmperms
 create mode 100644 package/libvirt/S90libvirt
 create mode 100644 package/libvirt/device_table.txt
 create mode 100644 package/libvirt/libvirt.hash
 create mode 100644 package/libvirt/libvirt.mk

diff --git a/package/Config.in b/package/Config.in
index cdfb90151a..1c040f0e1a 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1925,6 +1925,7 @@ menu "System tools"
 	source "package/keyutils/Config.in"
 	source "package/kmod/Config.in"
 	source "package/kvmtool/Config.in"
+	source "package/libvirt/Config.in"
 	source "package/lxc/Config.in"
 	source "package/monit/Config.in"
 	source "package/ncdu/Config.in"
diff --git a/package/libvirt/Config.in b/package/libvirt/Config.in
new file mode 100644
index 0000000000..8e64c85188
--- /dev/null
+++ b/package/libvirt/Config.in
@@ -0,0 +1,44 @@
+config BR2_PACKAGE_LIBVIRT
+	bool "libvirt"
+	depends on !BR2_PACKAGE_NETCAT
+	depends on !BR2_STATIC_LIBS # libnl, lvm2
+	depends on !BR2_TOOLCHAIN_USES_MUSL # lvm2
+	depends on BR2_TOOLCHAIN_HAS_THREADS # libnl, libtirpc
+	depends on BR2_USE_MMU # fork()
+	select BR2_PACKAGE_LIBNL
+	select BR2_PACKAGE_LIBTIRPC if !BR2_TOOLCHAIN_HAS_NATIVE_RPC
+	# configure: You must install the pciaccess module to build with udev
+	select BR2_PACKAGE_LIBPCIACCESS if BR2_PACKAGE_HAS_UDEV
+	select BR2_PACKAGE_LIBXML2
+	select BR2_PACKAGE_LVM2
+	# use netcf, if possible, when udev is not available
+	select BR2_PACKAGE_NETCF if !BR2_PACKAGE_HAS_UDEV && !BR2_arc && BR2_USE_WCHAR
+	select BR2_PACKAGE_YAJL
+	# run-time dependencies
+	select BR2_PACKAGE_CGROUPFS_MOUNT if !BR2_INIT_SYSTEMD
+	select BR2_PACKAGE_DMIDECODE
+	select BR2_PACKAGE_DNSMASQ
+	select BR2_PACKAGE_IPTABLES
+	select BR2_PACKAGE_IPROUTE2
+	select BR2_PACKAGE_RADVD
+	# These are required because there is no way to unequivocally select a modern netcat
+	select BR2_PACKAGE_NMAP      if !BR2_PACKAGE_NETCAT_OPENBSD
+	select BR2_PACKAGE_NMAP_NCAT if !BR2_PACKAGE_NETCAT_OPENBSD
+	help
+	  Libvirt is collection of software that provides a convenient
+	  way to manage virtual machines and other virtualization
+	  functionality, such as storage and network interface
+	  management. These software pieces include an API library, a
+	  daemon (libvirtd), and a command line utility (virsh).
+
+	  http://libvirt.org/
+
+comment "libvirt needs 'nmap-ncat' or 'netcat-openbsd' but netcat is selected"
+	depends on BR2_PACKAGE_NETCAT
+	depends on !BR2_STATIC_LIBS
+	depends on !BR2_TOOLCHAIN_USES_MUSL
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on BR2_USE_MMU
+
+comment "libvirt needs a glibc or uClibc toolchain w/ threads, dynamic library"
+        depends on BR2_STATIC_LIBS || BR2_TOOLCHAIN_USES_MUSL || !BR2_USE_MMU || !BR2_TOOLCHAIN_HAS_THREADS
diff --git a/package/libvirt/S30devkvmperms b/package/libvirt/S30devkvmperms
new file mode 100755
index 0000000000..8953256a03
--- /dev/null
+++ b/package/libvirt/S30devkvmperms
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Set the permissions of /dev/kvm
+#
+
+start() {
+	printf "Setting the ownership and permissions of /dev/kvm: "
+	chown qemu:kvm /dev/kvm && chmod 660 /dev/kvm \
+	&& echo "OK" || echo "FAIL"
+}
+
+stop() {
+	printf "Restoring the ownership and permissions of /dev/kvm: "
+	chown root:root /dev/kvm && chmod 600 /dev/kvm \
+	&& echo "OK" || echo "FAIL"
+}
+
+case "$1" in
+  start|restart|reload)
+      start
+	;;
+  stop)
+      stop
+	;;
+  *)
+	echo "Usage: $0 {start|stop|restart}"
+	exit 1
+esac
diff --git a/package/libvirt/S90libvirt b/package/libvirt/S90libvirt
new file mode 100644
index 0000000000..8ff43b4539
--- /dev/null
+++ b/package/libvirt/S90libvirt
@@ -0,0 +1,139 @@
+#!/bin/sh
+
+my_name="$0"
+
+check_required_files() {
+	[ -x "$1" ] || {
+		echo "$my_name: $1 is missing"
+		exit 1
+	}
+	[ -z "$2" ] || [ -f "$2" ] || {
+		echo "$my_name: $2 is missing"
+		exit 1
+	}
+}
+
+rm_stale_pidfile() {
+	if [ -e "$1" ]; then
+		exe="/proc/$(cat "$1")/exe"
+		{ [ -s "$exe" ] && [ "$(readlink -f "$exe")" = "$2" ]; } || rm -f "$1"
+	fi
+}
+
+start_virtlockd() {
+	printf "Starting virtlockd: "
+	rm_stale_pidfile /var/run/virtlockd.pid /usr/sbin/virtlockd
+	[ ! -e /var/run/virtlockd.pid ] \
+	&& start-stop-daemon -S -q -p /var/run/virtlockd.pid -x /usr/sbin/virtlockd -- -d \
+	&& echo "OK" || echo "FAIL"
+}
+
+start_virtlogd() {
+	printf "Starting virtlogd: "
+	rm_stale_pidfile /var/run/virtlogd.pid /usr/sbin/virtlogd
+	[ ! -e /var/run/virtlogd.pid ] \
+	&& start-stop-daemon -S -q -p /var/run/virtlogd.pid -x /usr/sbin/virtlogd -- -d \
+	&& echo "OK" || echo "FAIL"
+}
+
+start_libvirtd() {
+	printf "Starting libvirtd: "
+	rm_stale_pidfile /var/run/libvirtd.pid /usr/sbin/libvirtd
+	rm_stale_pidfile /var/run/libvirt/network/default.pid /usr/sbin/dnsmasq
+	[ ! -e /var/run/libvirtd.pid ] && [ -e /var/run/libvirt/network/default.pid ] \
+	&& start-stop-daemon -K -q -p /var/run/libvirt/network/default.pid -x /usr/sbin/dnsmasq
+	[ ! -e /var/run/libvirtd.pid ] \
+	&& start-stop-daemon -S -q -p /var/run/libvirtd.pid -x /usr/sbin/libvirtd -- -d \
+	&& echo "OK" || echo "FAIL"
+}
+
+start_libvirt() {
+	start_virtlockd
+	start_virtlogd
+	start_libvirtd
+}
+
+stop_libvirtd() {
+	printf "Stopping libvirtd: "
+	start-stop-daemon -K -q -p /var/run/libvirtd.pid -x /usr/sbin/libvirtd \
+	&& start-stop-daemon -K -q -p /var/run/libvirt/network/default.pid -x /usr/sbin/dnsmasq \
+	&& echo "OK" || echo "FAIL"
+	rm_stale_pidfile /var/run/libvirtd.pid /usr/sbin/libvirtd
+	rm_stale_pidfile /var/run/libvirt/network/default.pid /usr/sbin/dnsmasq
+}
+
+stop_virtlogd() {
+	printf "Stopping virtlogd: "
+	start-stop-daemon -K -q -p /var/run/virtlogd.pid -x /usr/sbin/virtlogd \
+	&& echo "OK" || echo "FAIL"
+	rm_stale_pidfile /var/run/virtlogd.pid /usr/sbin/virtlogd
+}
+
+stop_virtlockd() {
+	printf "Stopping virtlockd: "
+	start-stop-daemon -K -q -p /var/run/virtlockd.pid -x /usr/sbin/virtlockd \
+	&& echo "OK" || echo "FAIL"
+	rm_stale_pidfile /var/run/virtlockd.pid /usr/sbin/virtlockd
+}
+
+stop_libvirt() {
+	stop_libvirtd
+	stop_virtlogd
+	stop_virtlockd
+}
+
+reload_virtlockd() {
+	printf "Reloading virtlockd: "
+	rm_stale_pidfile /var/run/virtlockd.pid /usr/sbin/virtlockd
+	[ -e /var/run/virtlockd.pid ] \
+	&& start-stop-daemon -K -s USR1 -q -p /var/run/virtlockd.pid -x /usr/sbin/virtlockd \
+	&& echo "OK" || echo "FAIL"
+}
+
+reload_virtlogd() {
+	printf "Reloading virtlogd: "
+	rm_stale_pidfile /var/run/virtlogd.pid /usr/sbin/virtlogd
+	[ -e /var/run/virtlogd.pid ] \
+	&& start-stop-daemon -K -s USR1 -q -p /var/run/virtlogd.pid -x /usr/sbin/virtlogd \
+	&& echo "OK" || echo "FAIL"
+}
+
+reload_libvirtd() {
+	printf "Reloading libvirtd: "
+	rm_stale_pidfile /var/run/libvirtd.pid /usr/sbin/libvirtd
+	[ -e /var/run/libvirtd.pid ] \
+	&& start-stop-daemon -K -s HUP -q -p /var/run/libvirtd.pid -x /usr/sbin/libvirtd \
+	&& echo "OK" || echo "FAIL"
+}
+
+reload_libvirt() {
+	reload_virtlockd
+	reload_virtlogd
+	reload_libvirtd
+}
+
+check_required_files /usr/sbin/virtlockd /etc/libvirt/virtlockd.conf
+check_required_files /usr/sbin/virtlogd /etc/libvirt/virtlogd.conf
+check_required_files /usr/sbin/libvirtd /etc/libvirt/libvirtd.conf
+check_required_files /usr/sbin/dnsmasq
+
+case "$1" in
+	start)
+		start_libvirt
+		;;
+	stop)
+		stop_libvirt
+		;;
+	restart)
+		stop_libvirt
+		start_libvirt
+		;;
+	reload)
+		reload_libvirt
+		;;
+	*)
+		echo "Usage: $0 {start|stop|restart|reload}"
+		exit 1
+esac
+
+exit 0
diff --git a/package/libvirt/device_table.txt b/package/libvirt/device_table.txt
new file mode 100644
index 0000000000..a0f155ef24
--- /dev/null
+++ b/package/libvirt/device_table.txt
@@ -0,0 +1,39 @@
+# See package/makedevs/README for details
+#
+# Libvirt directories ownership and permissions
+#
+# <name>				<type>	<mode>	<uid>	<gid>	<major>	<minor>	<start>	<inc>	<count>
+/etc/libvirt				d	700	0	0	-	-	-	-	-
+/etc/libvirt/nwfilter			d	700	0	0	-	-	-	-	-
+/etc/libvirt/qemu			d	700	0	0	-	-	-	-	-
+/etc/libvirt/qemu/autostart		d	700	0	0	-	-	-	-	-
+/etc/libvirt/qemu/networks		d	700	0	0	-	-	-	-	-
+/etc/libvirt/qemu/networks/autostart	d	700	0	0	-	-	-	-	-
+/etc/libvirt/storage			d	755	0	0	-	-	-	-	-
+/etc/libvirt/storage/autostart		d	755	0	0	-	-	-	-	-
+/run/libvirt				d	755	0	0	-	-	-	-	-
+/run/libvirt/hostdevmgr			d	755	0	0	-	-	-	-	-
+/run/libvirt/network			d	755	0	0	-	-	-	-	-
+/run/libvirt/qemu			d	755	0	0	-	-	-	-	-
+/run/libvirt/storage			d	755	0	0	-	-	-	-	-
+/var/lib/libvirt			d	755	0	0	-	-	-	-	-
+/var/lib/libvirt/boot			d	711	0	0	-	-	-	-	-
+/var/lib/libvirt/dnsmasq		d	755	0	0	-	-	-	-	-
+/var/lib/libvirt/filesystems		d	711	0	0	-	-	-	-	-
+/var/lib/libvirt/images			d	711	0	0	-	-	-	-	-
+/var/lib/libvirt/network		d	700	0	0	-	-	-	-	-
+/var/lib/libvirt/qemu			d	751	107	36	-	-	-	-	-
+/var/lib/libvirt/qemu/channel		d	755	107	36	-	-	-	-	-
+/var/lib/libvirt/qemu/channel/target	d	755	107	36	-	-	-	-	-
+/var/lib/libvirt/qemu/dump		d	755	107	36	-	-	-	-	-
+/var/lib/libvirt/qemu/nvram		d	755	107	36	-	-	-	-	-
+/var/lib/libvirt/qemu/save		d	755	107	36	-	-	-	-	-
+/var/lib/libvirt/qemu/snapshot		d	755	107	36	-	-	-	-	-
+# These are lost if /var/cache and/or /var/log are mounted on a tmpfs but they are harmless, anyway
+/var/cache/libvirt			d	711	0	0	-	-	-	-	-
+/var/cache/libvirt/lxc			d	750	0	0	-	-	-	-	-
+/var/cache/libvirt/qemu			d	750	107	36	-	-	-	-	-
+/var/cache/libvirt/qemu/capabilities	d	755	0	0	-	-	-	-	-
+/var/log/libvirt			d	700	0	0	-	-	-	-	-
+/var/log/libvirt/lxc			d	750	0	0	-	-	-	-	-
+/var/log/libvirt/qemu			d	750	107	36	-	-	-	-	-
diff --git a/package/libvirt/libvirt.hash b/package/libvirt/libvirt.hash
new file mode 100644
index 0000000000..389a3c1670
--- /dev/null
+++ b/package/libvirt/libvirt.hash
@@ -0,0 +1,2 @@
+# locally computed
+sha256 4e7bcb209eeef99f026484293abc733e30ed06dabcdde62c4c3e95f71b2b67ba  libvirt-3.7.0.tar.xz
diff --git a/package/libvirt/libvirt.mk b/package/libvirt/libvirt.mk
new file mode 100644
index 0000000000..8d26869a06
--- /dev/null
+++ b/package/libvirt/libvirt.mk
@@ -0,0 +1,233 @@
+################################################################################
+#
+# libvirt
+#
+################################################################################
+
+LIBVIRT_VERSION = 3.7.0
+LIBVIRT_SITE = http://libvirt.org/sources
+LIBVIRT_SOURCE = libvirt-$(LIBVIRT_VERSION).tar.xz
+LIBVIRT_LICENSE = LGPL-2.1+
+LIBVIRT_LICENSE_FILES = COPYING
+LIBVIRT_DEPENDENCIES = libnl libxml2 lvm2 yajl
+
+ifeq ($(BR2_PACKAGE_LIBTIRPC),y)
+LIBVIRT_DEPENDENCIES += libtirpc
+LIBVIRT_CONF_ENV += \
+	CFLAGS="$(TARGET_CFLAGS) `$(PKG_CONFIG_HOST_BINARY) --cflags libtirpc`" \
+	LIBS="`$(PKG_CONFIG_HOST_BINARY) --libs libtirpc`"
+endif
+
+LIBVIRT_CONF_OPTS = \
+	--disable-debug \
+	--with-init-script=$(if $(BR2_INIT_SYSTEMD),systemd,none) \
+	--with-macvtap \
+	--with-qemu-user=qemu \
+	--with-qemu-group=kvm \
+	--with-remote \
+	--with-uml \
+	--with-virtualport \
+	--without-apparmor \
+	--without-bhyve \
+	--without-dtrace \
+	--without-esx \
+	--without-firewalld \
+	--without-glusterfs \
+	--without-hal \
+	--without-hyperv \
+	--without-libxl \
+	--without-numad \
+	--without-openwsman \
+	--without-phyp \
+	--without-pm-utils \
+	--without-sanlock \
+	--without-sasl \
+	--without-test-suite \
+	--without-vmware \
+	--without-vbox \
+	--without-vz \
+	--without-wireshark-dissector \
+	--without-xen
+
+ifeq ($(BR2_PACKAGE_ATTR),y)
+LIBVIRT_CONF_OPTS += --with-attr
+LIBVIRT_DEPENDENCIES += attr
+else
+LIBVIRT_CONF_OPTS += --without-attr
+endif
+
+ifeq ($(BR2_PACKAGE_AUDIT),y)
+LIBVIRT_CONF_OPTS += --with-audit
+LIBVIRT_DEPENDENCIES += audit
+else
+LIBVIRT_CONF_OPTS += --without-audit
+endif
+
+ifeq ($(BR2_PACKAGE_AVAHI),y)
+LIBVIRT_CONF_OPTS += --with-avahi
+LIBVIRT_DEPENDENCIES += avahi
+else
+LIBVIRT_CONF_OPTS += --without-avahi
+endif
+
+ifeq ($(BR2_PACKAGE_UTIL_LINUX_LIBBLKID),y)
+LIBVIRT_CONF_OPTS += --with-blkid
+LIBVIRT_DEPENDENCIES += util-linux
+else
+LIBVIRT_CONF_OPTS += --without-blkid
+endif
+
+ifeq ($(BR2_PACKAGE_LIBCAP_NG),y)
+LIBVIRT_CONF_OPTS += --with-capng
+LIBVIRT_DEPENDENCIES += libcap-ng
+else
+LIBVIRT_CONF_OPTS += --without-capng
+endif
+
+ifeq ($(BR2_PACKAGE_LIBCURL),y)
+LIBVIRT_CONF_OPTS += --with-curl
+LIBVIRT_DEPENDENCIES += libcurl
+else
+LIBVIRT_CONF_OPTS += --without-curl
+endif
+
+ifeq ($(BR2_PACKAGE_DBUS),y)
+LIBVIRT_CONF_OPTS += --with-dbus
+LIBVIRT_DEPENDENCIES += dbus
+else
+LIBVIRT_CONF_OPTS += --without-dbus
+endif
+
+ifeq ($(BR2_PACKAGE_LIBFUSE),y)
+LIBVIRT_CONF_OPTS += --with-fuse
+LIBVIRT_DEPENDENCIES += libfuse
+else
+LIBVIRT_CONF_OPTS += --without-fuse
+endif
+
+# do not enable openssl and gnutls at the same time.
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+LIBVIRT_CONF_OPTS += --with-openssl --without-gnutls
+LIBVIRT_DEPENDENCIES += openssl
+else ifeq ($(BR2_PACKAGE_GNUTLS),y)
+LIBVIRT_CONF_OPTS += --with-gnutls --without-openssl
+LIBVIRT_DEPENDENCIES += gnutls
+else
+LIBVIRT_CONF_OPTS += --without-openssl --without-gnutls
+endif
+
+# configure needs some help to find pcap-config at $(STAGING_DIR)/usr/bin
+ifeq ($(BR2_PACKAGE_LIBPCAP),y)
+LIBVIRT_CONF_OPTS += --with-libpcap=$(STAGING_DIR)/usr
+LIBVIRT_DEPENDENCIES += libpcap
+else
+LIBVIRT_CONF_OPTS += --without-libpcap
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSSH),y)
+LIBVIRT_CONF_OPTS += --with-libssh
+LIBVIRT_DEPENDENCIES += libssh
+else
+LIBVIRT_CONF_OPTS += --without-libssh
+endif
+
+ifeq ($(BR2_PACKAGE_LXC),y)
+LIBVIRT_CONF_OPTS += --with-lxc
+LIBVIRT_DEPENDENCIES += lxc
+else
+LIBVIRT_CONF_OPTS += --without-lxc
+endif
+
+ifeq ($(BR2_PACKAGE_LIBNSS),y)
+LIBVIRT_CONF_OPTS += --with-nss-plugin
+LIBVIRT_DEPENDENCIES += libnss
+else
+LIBVIRT_CONF_OPTS += --without-nss-plugin
+endif
+
+ifeq ($(BR2_PACKAGE_NUMACTL),y)
+LIBVIRT_CONF_OPTS += --with-numactl
+LIBVIRT_DEPENDENCIES += numactl
+else
+LIBVIRT_CONF_OPTS += --without-numactl
+endif
+
+ifeq ($(BR2_PACKAGE_LIBPCIACCESS),y)
+LIBVIRT_CONF_OPTS += --with-pciaccess
+LIBVIRT_DEPENDENCIES += libpciaccess
+else
+LIBVIRT_CONF_OPTS += --without-pciaccess
+endif
+
+ifeq ($(BR2_PACKAGE_POLKIT),y)
+LIBVIRT_CONF_OPTS += --with-polkit
+LIBVIRT_DEPENDENCIES += polkit
+else
+LIBVIRT_CONF_OPTS += --without-polkit
+endif
+
+ifeq ($(BR2_PACKAGE_READLINE),y)
+LIBVIRT_CONF_OPTS += --with-readline
+LIBVIRT_DEPENDENCIES += readline
+else
+LIBVIRT_CONF_OPTS += --without-readline
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+LIBVIRT_CONF_OPTS += --with-selinux
+LIBVIRT_DEPENDENCIES += libselinux
+else
+LIBVIRT_CONF_OPTS += --without-selinux --with-selinux-mount=/sys/fs/selinux
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSSH2),y)
+LIBVIRT_CONF_OPTS += --with-ssh2
+LIBVIRT_DEPENDENCIES += libssh2
+else
+LIBVIRT_CONF_OPTS += --without-ssh2
+endif
+
+# the interface driver requires either udev or netcf
+ifeq ($(BR2_PACKAGE_HAS_UDEV),y)
+LIBVIRT_CONF_OPTS += --with-udev --without-netcf --with-interface
+LIBVIRT_DEPENDENCIES += udev
+define LIBVIRT_INSTALL_UDEV_RULES
+	$(INSTALL) -d -m 755 $(TARGET_DIR)/etc/udev/rules.d
+	echo 'KERNEL=="kvm", OWNER="root", GROUP="kvm", MODE="0660"' > \
+		$(TARGET_DIR)/etc/udev/rules.d/90-kvm.rules
+endef
+LIBVIRT_POST_INSTALL_TARGET_HOOKS += LIBVIRT_INSTALL_UDEV_RULES
+LIBVIRT_INIT_DEV_KVM_PERMS =
+else
+# No udev, so we need an init script to set the permissions of /dev/kvm.
+LIBVIRT_INIT_DEV_KVM_PERMS = package/libvirt/S30devkvmperms
+ifeq ($(BR2_PACKAGE_NETCF),y)
+LIBVIRT_CONF_OPTS += --with-netcf --without-udev --with-interface
+LIBVIRT_DEPENDENCIES += netcf
+else
+LIBVIRT_CONF_OPTS += --without-udev --without-netcf --without-interface
+endif
+endif
+
+ifeq ($(BR2_PACKAGE_LIBVIRT),y)
+BR2_ROOTFS_DEVICE_TABLE += package/libvirt/device_table.txt
+endif
+
+define LIBVIRT_USERS
+	qemu 107 kvm 36 * - - - Libvirt qemu/kvm daemon
+endef
+
+define LIBVIRT_SET_USER_GROUP
+	sed -i -e 's/^#user = "root"/user = "qemu"/;s/^#group = "root"/group = "kvm"/' \
+		$(TARGET_DIR)/etc/libvirt/qemu.conf
+endef
+
+LIBVIRT_POST_INSTALL_TARGET_HOOKS += LIBVIRT_SET_USER_GROUP
+
+# S90, to start after S40network, S50radvd and S80dnsmasq
+define LIBVIRT_INSTALL_INIT_SYSV
+	$(INSTALL) -D -m 755 -t $(TARGET_DIR)/etc/init.d \
+		$(LIBVIRT_INIT_DEV_KVM_PERMS) package/libvirt/S90libvirt
+endef
+
+$(eval $(autotools-package))
-- 
2.14.3

[Buildroot] [PATCH 3/3] libvirt: new package

[Baruch Siach]

Hi Carlos,

On Mon, Nov 27, 2017 at 08:41:31AM -0200, Carlos Santos wrote:
> Libvirt is collection of software that provides a convenient way to
> manage virtual machines and other virtualization functionality, such as
> storage and network interface management. These software pieces include
> an API library, a daemon (libvirtd), and a command line utility (virsh).
> 
> http://libvirt.org/
> 
> Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
> ---
> diff --git a/package/libvirt/Config.in b/package/libvirt/Config.in
> new file mode 100644
> index 0000000000..8e64c85188
> --- /dev/null
> +++ b/package/libvirt/Config.in
> @@ -0,0 +1,44 @@
> +config BR2_PACKAGE_LIBVIRT
> +	bool "libvirt"
> +	depends on !BR2_PACKAGE_NETCAT
> +	depends on !BR2_STATIC_LIBS # libnl, lvm2

libnl does not depend on !BR2_STATIC_LIBS.

baruch

> +	depends on !BR2_TOOLCHAIN_USES_MUSL # lvm2
> +	depends on BR2_TOOLCHAIN_HAS_THREADS # libnl, libtirpc
> +	depends on BR2_USE_MMU # fork()
> +	select BR2_PACKAGE_LIBNL
> +	select BR2_PACKAGE_LIBTIRPC if !BR2_TOOLCHAIN_HAS_NATIVE_RPC
> +	# configure: You must install the pciaccess module to build with udev
> +	select BR2_PACKAGE_LIBPCIACCESS if BR2_PACKAGE_HAS_UDEV
> +	select BR2_PACKAGE_LIBXML2
> +	select BR2_PACKAGE_LVM2
> +	# use netcf, if possible, when udev is not available
> +	select BR2_PACKAGE_NETCF if !BR2_PACKAGE_HAS_UDEV && !BR2_arc && BR2_USE_WCHAR
> +	select BR2_PACKAGE_YAJL
> +	# run-time dependencies
> +	select BR2_PACKAGE_CGROUPFS_MOUNT if !BR2_INIT_SYSTEMD
> +	select BR2_PACKAGE_DMIDECODE
> +	select BR2_PACKAGE_DNSMASQ
> +	select BR2_PACKAGE_IPTABLES
> +	select BR2_PACKAGE_IPROUTE2
> +	select BR2_PACKAGE_RADVD
> +	# These are required because there is no way to unequivocally select a modern netcat
> +	select BR2_PACKAGE_NMAP      if !BR2_PACKAGE_NETCAT_OPENBSD
> +	select BR2_PACKAGE_NMAP_NCAT if !BR2_PACKAGE_NETCAT_OPENBSD
> +	help
> +	  Libvirt is collection of software that provides a convenient
> +	  way to manage virtual machines and other virtualization
> +	  functionality, such as storage and network interface
> +	  management. These software pieces include an API library, a
> +	  daemon (libvirtd), and a command line utility (virsh).
> +
> +	  http://libvirt.org/
> +
> +comment "libvirt needs 'nmap-ncat' or 'netcat-openbsd' but netcat is selected"
> +	depends on BR2_PACKAGE_NETCAT
> +	depends on !BR2_STATIC_LIBS
> +	depends on !BR2_TOOLCHAIN_USES_MUSL
> +	depends on BR2_TOOLCHAIN_HAS_THREADS
> +	depends on BR2_USE_MMU
> +
> +comment "libvirt needs a glibc or uClibc toolchain w/ threads, dynamic library"
> +        depends on BR2_STATIC_LIBS || BR2_TOOLCHAIN_USES_MUSL || !BR2_USE_MMU || !BR2_TOOLCHAIN_HAS_THREADS

-- 
     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

[Buildroot] [PATCH 2/3] netcf: new package

[Marcus Folkesson]

Hello,

Just a few remarks;

On Mon, Nov 27, 2017 at 08:41:30AM -0200, Carlos Santos wrote:
> 
> diff --git a/package/Config.in b/package/Config.in
> index 86acab6427..cdfb90151a 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -1710,6 +1710,7 @@ menu "Networking applications"
>  	source "package/nbd/Config.in"
>  	source "package/ncftp/Config.in"
>  	source "package/ndisc6/Config.in"
> +	source "package/netcf/Config.in"
>  	source "package/netatalk/Config.in"
>  	source "package/netcat/Config.in"
>  	source "package/netcat-openbsd/Config.in"

This does not follow the chronological order.

> diff --git a/package/netcf/Config.in b/package/netcf/Config.in
> new file mode 100644
> index 0000000000..d38c2dcef0
> --- /dev/null
> +++ b/package/netcf/Config.in
> @@ -0,0 +1,24 @@
> +config BR2_PACKAGE_NETCF
> +	bool "netcf"
> +	depends on !BR2_arc # augeas
> +	depends on !BR2_STATIC_LIBS # libnl
> +	depends on BR2_TOOLCHAIN_HAS_THREADS # libnl
> +	depends on BR2_USE_MMU # fork()
> +	depends on BR2_USE_WCHAR # augeas
> +	select BR2_PACKAGE_AUGEAS
> +	select BR2_PACKAGE_LIBNL
> +	select BR2_PACKAGE_LIBXML2
> +	select BR2_PACKAGE_LIBXSLT
> +	select BR2_PACKAGE_READLINE
> +	help
> +	  netcf is a cross-platform network configuration library.
> +
> +	  It takes the description of a network interface in its own
> +	  platform-independent format and adapts the local system's
> +	  network configuration to provide that interface.
> +
> +	  Both the ncftool utility and libnetcf are installed.
> +
> +comment "netcf needs a toolchain w/ wchar"
> +	depends on !BR2_arc
> +	depends on !BR2_USE_WCHAR

	depends on !BR2_TOOLCHAIN_HAS_THREADS
	depends on BR2_STATIC_LIBS
	depends on BR2_USE_MMU

I think these could be good to include as well.k

> diff --git a/package/netcf/netcf.hash b/package/netcf/netcf.hash
> new file mode 100644
> index 0000000000..2ba2a5c204
> --- /dev/null
> +++ b/package/netcf/netcf.hash
> @@ -0,0 +1,2 @@
> +# Locally computed:
> +sha256 fd81d607795547807150dfdb82bd164ab2569369ab48a30cb6b0d010d17b127c  netcf_0.2.8.orig.tar.gz

Please calculate hash for licence file as well.

Best regards
Marcus Folkesson

[Buildroot] [PATCH 2/3] netcf: new package

[Thomas Petazzoni]

Hello Carlos,

On Mon, 27 Nov 2017 08:41:30 -0200, Carlos Santos wrote:
> diff --git a/package/netcf/0001-fix-misplaced-empty.patch b/package/netcf/0001-fix-misplaced-empty.patch
> new file mode 100644
> index 0000000000..74a3a63d7a
> --- /dev/null
> +++ b/package/netcf/0001-fix-misplaced-empty.patch
> @@ -0,0 +1,36 @@
> +From 8e00e9c0ba6b66035defc94470ac863f04eba4b5 Mon Sep 17 00:00:00 2001
> +From: Laine Stump <laine@laine.org>
> +Date: Thu, 21 May 2015 11:40:53 -0400
> +Subject: [PATCH 1/9] fix misplaced <empty/>

Could you generate the patches with "git format-patch -N", to avoid the
numbering inside the patches ?

> +When transcribing the link-speed-state bits from libvirt's
> +interface.rng to netcf's, I accidentally added an "<empty/>" in the
> +wrong place. It should have gone inside the definition of the <link>
> +element, rather than just after <link> in the <interface> element.

All the patches that are not authored by you lack your Signed-off-by.

This patches come from upstream, this should be mentioned in the
patches themselves, possibly with a link, such as:

https://pagure.io/netcf/c/8e00e9c0ba6b66035defc94470ac863f04eba4b5?branch=master

> diff --git a/package/netcf/0006-netcf-transaction.sh-remove-bash-isms.patch b/package/netcf/0006-netcf-transaction.sh-remove-bash-isms.patch
> new file mode 100644
> index 0000000000..c25cc779af
> --- /dev/null
> +++ b/package/netcf/0006-netcf-transaction.sh-remove-bash-isms.patch
> @@ -0,0 +1,50 @@
> +From 91cdbd05a82be014f43d549ddcf5a67471a5f029 Mon Sep 17 00:00:00 2001
> +From: Carlos Santos <casantos@datacom.ind.br>
> +Date: Sun, 8 Oct 2017 09:36:42 -0300
> +Subject: [PATCH 6/9] netcf-transaction.sh: remove bash-isms
> +
> +echo $"..." -> echo "..."
> +echo -n $"...$a $b" -> printf "... %s %s" "$a" "$b"
> +
> +Signed-off-by: Carlos Santos <casantos@datacom.ind.br>

All the init script machinery is not very Buildroot-looking. Should we
use their init script, or have our own ?


> diff --git a/package/netcf/0008-configure.ac-fix-AM_INIT_AUTOMAKE-call.patch b/package/netcf/0008-configure.ac-fix-AM_INIT_AUTOMAKE-call.patch
> new file mode 100644
> index 0000000000..4331d84b55
> --- /dev/null
> +++ b/package/netcf/0008-configure.ac-fix-AM_INIT_AUTOMAKE-call.patch
> @@ -0,0 +1,29 @@
> +From 6daa25084b553351255e8f3e6b252a446e5f88fc Mon Sep 17 00:00:00 2001
> +From: Carlos Santos <casantos@datacom.ind.br>
> +Date: Sun, 8 Oct 2017 13:16:41 -0300
> +Subject: [PATCH 8/9] configure.ac: fix AM_INIT_AUTOMAKE call

Patches 8 and 9 definitely make sense for upstream, could you submit
them ?

> diff --git a/package/netcf/Config.in b/package/netcf/Config.in
> new file mode 100644
> index 0000000000..d38c2dcef0
> --- /dev/null
> +++ b/package/netcf/Config.in
> @@ -0,0 +1,24 @@
> +config BR2_PACKAGE_NETCF
> +	bool "netcf"
> +	depends on !BR2_arc # augeas
> +	depends on !BR2_STATIC_LIBS # libnl
> +	depends on BR2_TOOLCHAIN_HAS_THREADS # libnl
> +	depends on BR2_USE_MMU # fork()
> +	depends on BR2_USE_WCHAR # augeas
> +	select BR2_PACKAGE_AUGEAS
> +	select BR2_PACKAGE_LIBNL
> +	select BR2_PACKAGE_LIBXML2
> +	select BR2_PACKAGE_LIBXSLT
> +	select BR2_PACKAGE_READLINE
> +	help
> +	  netcf is a cross-platform network configuration library.
> +
> +	  It takes the description of a network interface in its own
> +	  platform-independent format and adapts the local system's
> +	  network configuration to provide that interface.
> +
> +	  Both the ncftool utility and libnetcf are installed.
> +
> +comment "netcf needs a toolchain w/ wchar"
> +	depends on !BR2_arc
> +	depends on !BR2_USE_WCHAR

This Config.in comment is not complete.

> diff --git a/package/netcf/S30netcf-transaction b/package/netcf/S30netcf-transaction
> new file mode 100644
> index 0000000000..ad67123916
> --- /dev/null
> +++ b/package/netcf/S30netcf-transaction
> @@ -0,0 +1,9 @@
> +#!/bin/sh
> +#
> +# This script can save the current state of network config, and later
> +# revert to that config, or commit the new config (by deleting the
> +# snapshot). At boot time, if there are uncommitted changes to the
> +# network config, they are reverted (and the discarded changes are
> +# archived in /var/lib/netcf/network-rollback-*).
> +
> +exec /usr/libexec/netcf-transaction.sh "$@"

This init script is not installed anywhere.

> diff --git a/package/netcf/netcf.hash b/package/netcf/netcf.hash
> new file mode 100644
> index 0000000000..2ba2a5c204
> --- /dev/null
> +++ b/package/netcf/netcf.hash
> @@ -0,0 +1,2 @@
> +# Locally computed:
> +sha256 fd81d607795547807150dfdb82bd164ab2569369ab48a30cb6b0d010d17b127c  netcf_0.2.8.orig.tar.gz
> diff --git a/package/netcf/netcf.mk b/package/netcf/netcf.mk
> new file mode 100644
> index 0000000000..bd2bc8715d
> --- /dev/null
> +++ b/package/netcf/netcf.mk
> @@ -0,0 +1,22 @@
> +################################################################################
> +#
> +# netcf
> +#
> +################################################################################
> +
> +NETCF_VERSION = 0.2.8
> +NETCF_SITE = http://snapshot.debian.org/archive/debian/20171007T103908Z/pool/main/n/netcf
> +NETCF_SOURCE = netcf_$(NETCF_VERSION).orig.tar.gz

Why don't you fetch from the upstream Git repository ? Possibly you
could fetch the appropriate Git commit, avoiding the need to have a
number of patches in Buildroot itself ? Of course, a comment on top of
the VERSION variable would explain why we pick a seemingly random
version.

> +NETCF_INSTALL_STAGING = YES
> +NETCF_LICENSE = LGPL-2.1+
> +NETCF_LICENSE_FILES = COPYING
> +NETCF_DEPENDENCIES = augeas libnl libxml2 libxslt readline
> +NETCF_INSTALL_STAGING = YES
> +
> +# 0007-Install-init-script-as-etc-init.d-S30netcf-transacti.patch

This is not the only patch that requires autoreconf

> +NETCF_AUTORECONF = YES
> +
> +NETCF_CONF_OPTS = \
> +	--with-sysinit=$(if $(BR2_INIT_SYSTEMD),systemd,$(if $(BR2_INIT_NONE),none,initscripts))

This is a bit hard to read.

ifeq ($(BR2_INIT_SYSTEMD),y)
NETCF_CONF_OPTS += --with-sysinit=systemd
else ifeq ($(BR2_INIT_BUSYBOX)$(BR2_INIT_SYSV),y)
NETCF_CONF_OPTS += --with-sysinit=sysv
else
NETCF_CONF_OPTS += --with-sysinit=none
endif

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com

[Buildroot] [PATCH 3/3] libvirt: new package

[Thomas Petazzoni]

Hello,

On Mon, 27 Nov 2017 08:41:31 -0200, Carlos Santos wrote:
> Libvirt is collection of software that provides a convenient way to
> manage virtual machines and other virtualization functionality, such as
> storage and network interface management. These software pieces include
> an API library, a daemon (libvirtd), and a command line utility (virsh).
> 
> http://libvirt.org/
> 
> Signed-off-by: Carlos Santos <casantos@datacom.ind.br>

This is not a simple package. We did a review with Arnout, I'll try to
summarize the comments that we had. I'm sure I'll forget about those
comments though.

> diff --git a/package/libvirt/Config.in b/package/libvirt/Config.in
> new file mode 100644
> index 0000000000..8e64c85188
> --- /dev/null
> +++ b/package/libvirt/Config.in
> @@ -0,0 +1,44 @@
> +config BR2_PACKAGE_LIBVIRT
> +	bool "libvirt"
> +	depends on !BR2_PACKAGE_NETCAT

Why do we need this if you select nmap-ncat below ?

> +	depends on !BR2_STATIC_LIBS # libnl, lvm2
> +	depends on !BR2_TOOLCHAIN_USES_MUSL # lvm2
> +	depends on BR2_TOOLCHAIN_HAS_THREADS # libnl, libtirpc
> +	depends on BR2_USE_MMU # fork()
> +	select BR2_PACKAGE_LIBNL
> +	select BR2_PACKAGE_LIBTIRPC if !BR2_TOOLCHAIN_HAS_NATIVE_RPC
> +	# configure: You must install the pciaccess module to build with udev
> +	select BR2_PACKAGE_LIBPCIACCESS if BR2_PACKAGE_HAS_UDEV
> +	select BR2_PACKAGE_LIBXML2
> +	select BR2_PACKAGE_LVM2
> +	# use netcf, if possible, when udev is not available
> +	select BR2_PACKAGE_NETCF if !BR2_PACKAGE_HAS_UDEV && !BR2_arc && BR2_USE_WCHAR

I think it would be a bit easier to have the first patch introduced
only libvirt with udev support, it would avoid the netcf dependency,
the /dev/kvm fixup, lots of additional complexity. It can come in a
separate patch. This would make the whole thing easier to review.

> +	select BR2_PACKAGE_YAJL
> +	# run-time dependencies
> +	select BR2_PACKAGE_CGROUPFS_MOUNT if !BR2_INIT_SYSTEMD
> +	select BR2_PACKAGE_DMIDECODE
> +	select BR2_PACKAGE_DNSMASQ
> +	select BR2_PACKAGE_IPTABLES
> +	select BR2_PACKAGE_IPROUTE2
> +	select BR2_PACKAGE_RADVD

Are all those dependencies mandatory in all situations ?

> diff --git a/package/libvirt/S30devkvmperms b/package/libvirt/S30devkvmperms
> new file mode 100755
> index 0000000000..8953256a03
> --- /dev/null
> +++ b/package/libvirt/S30devkvmperms
> @@ -0,0 +1,28 @@
> +#!/bin/sh
> +#
> +# Set the permissions of /dev/kvm
> +#
> +
> +start() {
> +	printf "Setting the ownership and permissions of /dev/kvm: "
> +	chown qemu:kvm /dev/kvm && chmod 660 /dev/kvm \
> +	&& echo "OK" || echo "FAIL"
> +}
> +
> +stop() {
> +	printf "Restoring the ownership and permissions of /dev/kvm: "
> +	chown root:root /dev/kvm && chmod 600 /dev/kvm \
> +	&& echo "OK" || echo "FAIL"

The stop part is probably useless, I don't see the point of restoring
the permissions.

> diff --git a/package/libvirt/S90libvirt b/package/libvirt/S90libvirt
> new file mode 100644
> index 0000000000..8ff43b4539
> --- /dev/null
> +++ b/package/libvirt/S90libvirt
> @@ -0,0 +1,139 @@
> +#!/bin/sh

Could this script be split in several init scripts, one per service,
and be made more similar to all other Buildroot init scripts ?

> +
> +my_name="$0"
> +
> +check_required_files() {
> +	[ -x "$1" ] || {
> +		echo "$my_name: $1 is missing"
> +		exit 1
> +	}
> +	[ -z "$2" ] || [ -f "$2" ] || {
> +		echo "$my_name: $2 is missing"
> +		exit 1
> +	}

This is not really good. I think we should simply not check the
existence of the executable. Maybe just check the existence of the
configuration file.

> +rm_stale_pidfile() {
> +	if [ -e "$1" ]; then
> +		exe="/proc/$(cat "$1")/exe"
> +		{ [ -s "$exe" ] && [ "$(readlink -f "$exe")" = "$2" ]; } || rm -f "$1"
> +	fi

Do we need that, with start-stop-daemon ?


> diff --git a/package/libvirt/device_table.txt b/package/libvirt/device_table.txt
> new file mode 100644
> index 0000000000..a0f155ef24
> --- /dev/null
> +++ b/package/libvirt/device_table.txt
> @@ -0,0 +1,39 @@
> +# See package/makedevs/README for details
> +#
> +# Libvirt directories ownership and permissions
> +#
> +# <name>				<type>	<mode>	<uid>	<gid>	<major>	<minor>	<start>	<inc>	<count>
> +/etc/libvirt				d	700	0	0	-	-	-	-	-
> +/etc/libvirt/nwfilter			d	700	0	0	-	-	-	-	-
> +/etc/libvirt/qemu			d	700	0	0	-	-	-	-	-
> +/etc/libvirt/qemu/autostart		d	700	0	0	-	-	-	-	-
> +/etc/libvirt/qemu/networks		d	700	0	0	-	-	-	-	-
> +/etc/libvirt/qemu/networks/autostart	d	700	0	0	-	-	-	-	-
> +/etc/libvirt/storage			d	755	0	0	-	-	-	-	-
> +/etc/libvirt/storage/autostart		d	755	0	0	-	-	-	-	-
> +/run/libvirt				d	755	0	0	-	-	-	-	-
> +/run/libvirt/hostdevmgr			d	755	0	0	-	-	-	-	-
> +/run/libvirt/network			d	755	0	0	-	-	-	-	-
> +/run/libvirt/qemu			d	755	0	0	-	-	-	-	-
> +/run/libvirt/storage			d	755	0	0	-	-	-	-	-
> +/var/lib/libvirt			d	755	0	0	-	-	-	-	-
> +/var/lib/libvirt/boot			d	711	0	0	-	-	-	-	-
> +/var/lib/libvirt/dnsmasq		d	755	0	0	-	-	-	-	-
> +/var/lib/libvirt/filesystems		d	711	0	0	-	-	-	-	-
> +/var/lib/libvirt/images			d	711	0	0	-	-	-	-	-
> +/var/lib/libvirt/network		d	700	0	0	-	-	-	-	-
> +/var/lib/libvirt/qemu			d	751	107	36	-	-	-	-	-
> +/var/lib/libvirt/qemu/channel		d	755	107	36	-	-	-	-	-
> +/var/lib/libvirt/qemu/channel/target	d	755	107	36	-	-	-	-	-
> +/var/lib/libvirt/qemu/dump		d	755	107	36	-	-	-	-	-
> +/var/lib/libvirt/qemu/nvram		d	755	107	36	-	-	-	-	-
> +/var/lib/libvirt/qemu/save		d	755	107	36	-	-	-	-	-
> +/var/lib/libvirt/qemu/snapshot		d	755	107	36	-	-	-	-	-
> +# These are lost if /var/cache and/or /var/log are mounted on a tmpfs but they are harmless, anyway
> +/var/cache/libvirt			d	711	0	0	-	-	-	-	-
> +/var/cache/libvirt/lxc			d	750	0	0	-	-	-	-	-
> +/var/cache/libvirt/qemu			d	750	107	36	-	-	-	-	-
> +/var/cache/libvirt/qemu/capabilities	d	755	0	0	-	-	-	-	-
> +/var/log/libvirt			d	700	0	0	-	-	-	-	-
> +/var/log/libvirt/lxc			d	750	0	0	-	-	-	-	-
> +/var/log/libvirt/qemu			d	750	107	36	-	-	-	-	-

Most of these entries don't need to be in a device table, they don't
adjust ownership/permissions.

For the remaining ones, using names for <uid> and <gid> is possible
since commit 95dda394d9f2487d54c6ec529c3f9a7fd341a582, so it would be
good to do that. This avoids the need to hardcode a fixed uid/gid.

> diff --git a/package/libvirt/libvirt.hash b/package/libvirt/libvirt.hash
> new file mode 100644
> index 0000000000..389a3c1670
> --- /dev/null
> +++ b/package/libvirt/libvirt.hash
> @@ -0,0 +1,2 @@
> +# locally computed
> +sha256 4e7bcb209eeef99f026484293abc733e30ed06dabcdde62c4c3e95f71b2b67ba  libvirt-3.7.0.tar.xz

Hash for the license file would be nice.


> +# the interface driver requires either udev or netcf
> +ifeq ($(BR2_PACKAGE_HAS_UDEV),y)
> +LIBVIRT_CONF_OPTS += --with-udev --without-netcf --with-interface
> +LIBVIRT_DEPENDENCIES += udev
> +define LIBVIRT_INSTALL_UDEV_RULES
> +	$(INSTALL) -d -m 755 $(TARGET_DIR)/etc/udev/rules.d
> +	echo 'KERNEL=="kvm", OWNER="root", GROUP="kvm", MODE="0660"' > \
> +		$(TARGET_DIR)/etc/udev/rules.d/90-kvm.rules

Please have a file in package/libvirt/ with this udev rule, and install
it in $(TARGET_DIR)/etc/udev/rules.d rather than doing this echo.

> +endef
> +LIBVIRT_POST_INSTALL_TARGET_HOOKS += LIBVIRT_INSTALL_UDEV_RULES
> +LIBVIRT_INIT_DEV_KVM_PERMS =
> +else
> +# No udev, so we need an init script to set the permissions of /dev/kvm.
> +LIBVIRT_INIT_DEV_KVM_PERMS = package/libvirt/S30devkvmperms
> +ifeq ($(BR2_PACKAGE_NETCF),y)
> +LIBVIRT_CONF_OPTS += --with-netcf --without-udev --with-interface
> +LIBVIRT_DEPENDENCIES += netcf
> +else
> +LIBVIRT_CONF_OPTS += --without-udev --without-netcf --without-interface
> +endif
> +endif

As I said, this could be simplified in a first commit, if only the udev
case was supported.

> +
> +ifeq ($(BR2_PACKAGE_LIBVIRT),y)
> +BR2_ROOTFS_DEVICE_TABLE += package/libvirt/device_table.txt

Maybe with the device table becoming shorter with the comment I made
above, you can put it back in the .mk file ?

> +endif
> +
> +define LIBVIRT_USERS
> +	qemu 107 kvm 36 * - - - Libvirt qemu/kvm daemon

With the comment made above, you could use -1 and -1 as uid and gid.

> +define LIBVIRT_SET_USER_GROUP
> +	sed -i -e 's/^#user = "root"/user = "qemu"/;s/^#group = "root"/group = "kvm"/' \
> +		$(TARGET_DIR)/etc/libvirt/qemu.conf

Use $(SED). It's however strange that libvirt installs qemu.conf with
values that don't match --with-qemu-user and --with-qemu-group
configuration options.

> +endef
> +
> +LIBVIRT_POST_INSTALL_TARGET_HOOKS += LIBVIRT_SET_USER_GROUP
> +
> +# S90, to start after S40network, S50radvd and S80dnsmasq
> +define LIBVIRT_INSTALL_INIT_SYSV
> +	$(INSTALL) -D -m 755 -t $(TARGET_DIR)/etc/init.d \
> +		$(LIBVIRT_INIT_DEV_KVM_PERMS) package/libvirt/S90libvirt
> +endef

I'd rather have a variable called LIBVIRT_INSTALL_KVMPERMS_INIT_SCRIPT
that does:
	$(INSTALL) -D -m 0755 package/libvirt/S30devkvmperms \
		$(TARGET_DIR)/etc/init.d/S30devkvmperms

and then do:

define LIBVIRT_INSTALL_INIT_SYSV
	$(LIBVIRT_INSTALL_KVMPERMS_INIT_SCRIPT)
	$(INSTALL) -D -m 0755 package/libvirt/S90libvirt \
		$(TARGET_DIR)/etc/init.d/S90libvirt
endef

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com

[Buildroot] [PATCH 2/3] netcf: new package

[Arnout Vandecappelle]

On 02-04-18 16:42, Thomas Petazzoni wrote:
> Hello Carlos,
> 
> On Mon, 27 Nov 2017 08:41:30 -0200, Carlos Santos wrote:
[snip]
>> +NETCF_CONF_OPTS = \
>> +	--with-sysinit=$(if $(BR2_INIT_SYSTEMD),systemd,$(if $(BR2_INIT_NONE),none,initscripts))
> 
> This is a bit hard to read.
> 
> ifeq ($(BR2_INIT_SYSTEMD),y)
> NETCF_CONF_OPTS += --with-sysinit=systemd
> else ifeq ($(BR2_INIT_BUSYBOX)$(BR2_INIT_SYSV),y)
> NETCF_CONF_OPTS += --with-sysinit=sysv
> else
> NETCF_CONF_OPTS += --with-sysinit=none
> endif

 However, since the upstream sysv init script is pretty complicated and must be
patched anyway, it would make sense to always use our own, and in that case it
would be

ifeq ($(BR2_INIT_SYSTEMD),y)
NETCF_CONF_OPTS += --with-sysinit=systemd
else
# For SysV init we use our own init script
NETCF_CONF_OPTS += --with-sysinit=none
endif


 Regards,
 Arnout

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF

[Buildroot] [PATCH 3/3] libvirt: new package

[Arnout Vandecappelle]

On 02-04-18 17:19, Thomas Petazzoni wrote:
> Hello,
> 
> On Mon, 27 Nov 2017 08:41:31 -0200, Carlos Santos wrote:
[snip]
>> diff --git a/package/libvirt/Config.in b/package/libvirt/Config.in
>> new file mode 100644
>> index 0000000000..8e64c85188
>> --- /dev/null
>> +++ b/package/libvirt/Config.in
>> @@ -0,0 +1,44 @@
>> +config BR2_PACKAGE_LIBVIRT
>> +	bool "libvirt"
>> +	depends on !BR2_PACKAGE_NETCAT
> 
> Why do we need this if you select nmap-ncat below ?

 Because libvirt calls the 'nc' executable with the ncat command line arguments,
so it needs the nc -> ncat symlink, which is not created when netcat is installed.

 However, this makes me think: wouldn't it be easier to patch libvirt to call
ncat instead of nc?


 Regards,
 Arnout

[snip]

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF

[Buildroot] [PATCH 3/3] libvirt: new package

[Carlos Santos]

> From: "Arnout Vandecappelle" <arnout@mind.be>
> To: "Thomas Petazzoni" <thomas.petazzoni@bootlin.com>, "Carlos Santos" <casantos@datacom.ind.br>
> Cc: "buildroot" <buildroot@buildroot.org>
> Sent: Monday, April 2, 2018 5:18:58 PM
> Subject: Re: [Buildroot] [PATCH 3/3] libvirt: new package

> On 02-04-18 17:19, Thomas Petazzoni wrote:
>> Hello,
>> 
>> On Mon, 27 Nov 2017 08:41:31 -0200, Carlos Santos wrote:
> [snip]
>>> diff --git a/package/libvirt/Config.in b/package/libvirt/Config.in
>>> new file mode 100644
>>> index 0000000000..8e64c85188
>>> --- /dev/null
>>> +++ b/package/libvirt/Config.in
>>> @@ -0,0 +1,44 @@
>>> +config BR2_PACKAGE_LIBVIRT
>>> +	bool "libvirt"
>>> +	depends on !BR2_PACKAGE_NETCAT
>> 
>> Why do we need this if you select nmap-ncat below ?
> 
> Because libvirt calls the 'nc' executable with the ncat command line arguments,
> so it needs the nc -> ncat symlink, which is not created when netcat is
> installed.
> 
> However, this makes me think: wouldn't it be easier to patch libvirt to call
> ncat instead of nc?

No, because it would be necessary to modify virt-manager, which runs
on a separate machine. It accesses the KVM host (built with Buildroot)
via ssh, and invokes nc to communicate with libvirtd by means of a
unix domain socket.

Notice that virt-manager is smarter than the ordinary bear: it checks
which syntax the "nc" command on the remote machine recognizes and
invokes it with the suitable parameters. So forcing it to use ncat
would prevent it from managing KVM hosts running Debian/Ubuntu.

Notice also that the libvirt package noes not even build/install
virt-manager, since it is a GUI tool. Such improvement is left
as an exercise for the reader. :-)

-- 
Carlos Santos (Casantos) - DATACOM, P&D
?The greatest triumph that modern PR can offer is the transcendent 
success of having your words and actions judged by your reputation, 
rather than the other way about.? ? Christopher Hitchens

[Buildroot] [PATCH 3/3] libvirt: new package

[Arnout Vandecappelle]

On 03-04-18 05:49, Carlos Santos wrote:
>> From: "Arnout Vandecappelle" <arnout@mind.be>
>> To: "Thomas Petazzoni" <thomas.petazzoni@bootlin.com>, "Carlos Santos" <casantos@datacom.ind.br>
>> Cc: "buildroot" <buildroot@buildroot.org>
>> Sent: Monday, April 2, 2018 5:18:58 PM
>> Subject: Re: [Buildroot] [PATCH 3/3] libvirt: new package
> 
>> On 02-04-18 17:19, Thomas Petazzoni wrote:
>>> Hello,
>>>
>>> On Mon, 27 Nov 2017 08:41:31 -0200, Carlos Santos wrote:
>> [snip]
>>>> diff --git a/package/libvirt/Config.in b/package/libvirt/Config.in
>>>> new file mode 100644
>>>> index 0000000000..8e64c85188
>>>> --- /dev/null
>>>> +++ b/package/libvirt/Config.in
>>>> @@ -0,0 +1,44 @@
>>>> +config BR2_PACKAGE_LIBVIRT
>>>> +	bool "libvirt"
>>>> +	depends on !BR2_PACKAGE_NETCAT
>>>
>>> Why do we need this if you select nmap-ncat below ?
>>
>> Because libvirt calls the 'nc' executable with the ncat command line arguments,
>> so it needs the nc -> ncat symlink, which is not created when netcat is
>> installed.
>>
>> However, this makes me think: wouldn't it be easier to patch libvirt to call
>> ncat instead of nc?
> 
> No, because it would be necessary to modify virt-manager, which runs
> on a separate machine. It accesses the KVM host (built with Buildroot)
> via ssh, and invokes nc to communicate with libvirtd by means of a
> unix domain socket.
> 
> Notice that virt-manager is smarter than the ordinary bear: it checks
> which syntax the "nc" command on the remote machine recognizes and
> invokes it with the suitable parameters. So forcing it to use ncat
> would prevent it from managing KVM hosts running Debian/Ubuntu.

 OK, but if virt-manager supports both GNU netcat and nmap-ncat, then why does
libvirt depend on nmap-ncat and not netcat? In other words: why not

	select BR2_PACKAGE_NMAP if !BR2_PACKAGE_NETCAT
	select BR2_PACKAGE_NMAP_NCAT if !BR2_PACKAGE_NETCAT

(We could even use busybox nc, but it's not very likely that virt-manager is OK
with that, and even so it's impossible to detect in Buildroot if busybox nc is
enabled or not.)

 Regards,
 Arnout

> 
> Notice also that the libvirt package noes not even build/install
> virt-manager, since it is a GUI tool. Such improvement is left
> as an exercise for the reader. :-)
> 

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF

[Buildroot] [PATCH 3/3] libvirt: new package

[Carlos Santos]

> From: "Arnout Vandecappelle" <arnout@mind.be>
> To: "Carlos Santos" <casantos@datacom.ind.br>
> Cc: "Thomas Petazzoni" <thomas.petazzoni@bootlin.com>, "buildroot" <buildroot@buildroot.org>
> Sent: Tuesday, April 3, 2018 9:21:39 AM
> Subject: Re: [Buildroot] [PATCH 3/3] libvirt: new package

> On 03-04-18 05:49, Carlos Santos wrote:
>>> From: "Arnout Vandecappelle" <arnout@mind.be>
>>> To: "Thomas Petazzoni" <thomas.petazzoni@bootlin.com>, "Carlos Santos"
>>> <casantos@datacom.ind.br>
>>> Cc: "buildroot" <buildroot@buildroot.org>
>>> Sent: Monday, April 2, 2018 5:18:58 PM
>>> Subject: Re: [Buildroot] [PATCH 3/3] libvirt: new package
>> 
>>> On 02-04-18 17:19, Thomas Petazzoni wrote:
>>>> Hello,
>>>>
>>>> On Mon, 27 Nov 2017 08:41:31 -0200, Carlos Santos wrote:
>>> [snip]
>>>>> diff --git a/package/libvirt/Config.in b/package/libvirt/Config.in
>>>>> new file mode 100644
>>>>> index 0000000000..8e64c85188
>>>>> --- /dev/null
>>>>> +++ b/package/libvirt/Config.in
>>>>> @@ -0,0 +1,44 @@
>>>>> +config BR2_PACKAGE_LIBVIRT
>>>>> +	bool "libvirt"
>>>>> +	depends on !BR2_PACKAGE_NETCAT
>>>>
>>>> Why do we need this if you select nmap-ncat below ?
>>>
>>> Because libvirt calls the 'nc' executable with the ncat command line arguments,
>>> so it needs the nc -> ncat symlink, which is not created when netcat is
>>> installed.
>>>
>>> However, this makes me think: wouldn't it be easier to patch libvirt to call
>>> ncat instead of nc?
>> 
>> No, because it would be necessary to modify virt-manager, which runs
>> on a separate machine. It accesses the KVM host (built with Buildroot)
>> via ssh, and invokes nc to communicate with libvirtd by means of a
>> unix domain socket.
>> 
>> Notice that virt-manager is smarter than the ordinary bear: it checks
>> which syntax the "nc" command on the remote machine recognizes and
>> invokes it with the suitable parameters. So forcing it to use ncat
>> would prevent it from managing KVM hosts running Debian/Ubuntu.
> 
> OK, but if virt-manager supports both GNU netcat and nmap-ncat, then why does
> libvirt depend on nmap-ncat and not netcat? In other words: why not
> 
>	select BR2_PACKAGE_NMAP if !BR2_PACKAGE_NETCAT
>	select BR2_PACKAGE_NMAP_NCAT if !BR2_PACKAGE_NETCAT
> 
> (We could even use busybox nc, but it's not very likely that virt-manager is OK
> with that, and even so it's impossible to detect in Buildroot if busybox nc is
> enabled or not.)

The "nc" commands provided by netcat and busybox are not sufficient
because they don't support unix domain sockets.

Moreover, these configuration tricks make the Config.in file harder
to read and understand. I still believe that my original approach[1]
was better. It would allow us to add some "BR2_HAS_MODERN_NC" config,
selected by netcat-openbsd and ncat, and make libvirt depend on it.

1. https://patchwork.ozlabs.org/patch/820503/

-- 
Carlos Santos (Casantos) - DATACOM, P&D
?The greatest triumph that modern PR can offer is the transcendent 
success of having your words and actions judged by your reputation, 
rather than the other way about.? ? Christopher Hitchens

[Buildroot] [PATCH 3/3] libvirt: new package

[Arnout Vandecappelle]

On 03-04-18 15:13, Carlos Santos wrote:
>> From: "Arnout Vandecappelle" <arnout@mind.be>
>> To: "Carlos Santos" <casantos@datacom.ind.br>
>> Cc: "Thomas Petazzoni" <thomas.petazzoni@bootlin.com>, "buildroot" <buildroot@buildroot.org>
>> Sent: Tuesday, April 3, 2018 9:21:39 AM
>> Subject: Re: [Buildroot] [PATCH 3/3] libvirt: new package
> 
>> On 03-04-18 05:49, Carlos Santos wrote:
>>>> From: "Arnout Vandecappelle" <arnout@mind.be>
>>>> To: "Thomas Petazzoni" <thomas.petazzoni@bootlin.com>, "Carlos Santos"
>>>> <casantos@datacom.ind.br>
>>>> Cc: "buildroot" <buildroot@buildroot.org>
>>>> Sent: Monday, April 2, 2018 5:18:58 PM
>>>> Subject: Re: [Buildroot] [PATCH 3/3] libvirt: new package
>>>
>>>> On 02-04-18 17:19, Thomas Petazzoni wrote:
>>>>> Hello,
>>>>>
>>>>> On Mon, 27 Nov 2017 08:41:31 -0200, Carlos Santos wrote:
>>>> [snip]
>>>>>> diff --git a/package/libvirt/Config.in b/package/libvirt/Config.in
>>>>>> new file mode 100644
>>>>>> index 0000000000..8e64c85188
>>>>>> --- /dev/null
>>>>>> +++ b/package/libvirt/Config.in
>>>>>> @@ -0,0 +1,44 @@
>>>>>> +config BR2_PACKAGE_LIBVIRT
>>>>>> +	bool "libvirt"
>>>>>> +	depends on !BR2_PACKAGE_NETCAT
>>>>>
>>>>> Why do we need this if you select nmap-ncat below ?
>>>>
>>>> Because libvirt calls the 'nc' executable with the ncat command line arguments,
>>>> so it needs the nc -> ncat symlink, which is not created when netcat is
>>>> installed.
>>>>
>>>> However, this makes me think: wouldn't it be easier to patch libvirt to call
>>>> ncat instead of nc?
>>>
>>> No, because it would be necessary to modify virt-manager, which runs
>>> on a separate machine. It accesses the KVM host (built with Buildroot)
>>> via ssh, and invokes nc to communicate with libvirtd by means of a
>>> unix domain socket.
>>>
>>> Notice that virt-manager is smarter than the ordinary bear: it checks
>>> which syntax the "nc" command on the remote machine recognizes and
>>> invokes it with the suitable parameters. So forcing it to use ncat
>>> would prevent it from managing KVM hosts running Debian/Ubuntu.

 virt-manager could be patched however to try 'ncat' in addition to (or instead
of) 'nc'. That would solve the problem with the symlink and you could have
parallel netcat and nmap-netcat instalations (if you would want that for
whatever reason...).

>>
>> OK, but if virt-manager supports both GNU netcat and nmap-ncat, then why does
>> libvirt depend on nmap-ncat and not netcat? In other words: why not
>>
>> 	select BR2_PACKAGE_NMAP if !BR2_PACKAGE_NETCAT
>> 	select BR2_PACKAGE_NMAP_NCAT if !BR2_PACKAGE_NETCAT
>>
>> (We could even use busybox nc, but it's not very likely that virt-manager is OK
>> with that, and even so it's impossible to detect in Buildroot if busybox nc is
>> enabled or not.)
> 
> The "nc" commands provided by netcat and busybox are not sufficient
> because they don't support unix domain sockets.

 OK. It's a bit hard to follow with all these different netcat versions :-) So
which is the other netcat supported by virt-manager? Is there a fifth one?

 Anyway, if nmap-netcat is the only supported one, then this really is the right
thing to do. It would be good to add a comment above the "depends on
!BR2_PACKAGE_NETCAT" to explain that though.


> Moreover, these configuration tricks make the Config.in file harder
> to read and understand. I still believe that my original approach[1]
> was better. It would allow us to add some "BR2_HAS_MODERN_NC" config,
> selected by netcat-openbsd and ncat, and make libvirt depend on it.

 So you think it's an improvement that if you want libvirt, you first have to go
and select nmap-ncat? I find the current structure much more user friendly.
Perhaps it could use an additional

comment "libvirt is incompatible with netcat"
	depends on all the libvirt dependencies
	depends on BR2_PACKAGE_NETCAT


 Regards,
 Arnout

> 
> 1. https://patchwork.ozlabs.org/patch/820503/
> 

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF

[Buildroot] [PATCH 3/3] libvirt: new package

[Carlos Santos]

> From: "Arnout Vandecappelle" <arnout@mind.be>
> To: "Carlos Santos" <casantos@datacom.ind.br>
> Cc: "Thomas Petazzoni" <thomas.petazzoni@bootlin.com>, "buildroot" <buildroot@buildroot.org>
> Sent: Tuesday, April 3, 2018 2:16:48 PM
> Subject: Re: [Buildroot] [PATCH 3/3] libvirt: new package

[trimming the text in order to keep it readable]

> On 03-04-18 15:13, Carlos Santos wrote:
>>> From: "Arnout Vandecappelle" <arnout@mind.be>
>>> To: "Carlos Santos" <casantos@datacom.ind.br>
>>> Cc: "Thomas Petazzoni" <thomas.petazzoni@bootlin.com>, "buildroot"
>>> <buildroot@buildroot.org>
>>> Sent: Tuesday, April 3, 2018 9:21:39 AM
>>> Subject: Re: [Buildroot] [PATCH 3/3] libvirt: new package

>>>> Notice that virt-manager is smarter than the ordinary bear: it checks
>>>> which syntax the "nc" command on the remote machine recognizes and
>>>> invokes it with the suitable parameters. So forcing it to use ncat
>>>> would prevent it from managing KVM hosts running Debian/Ubuntu.
> 
> virt-manager could be patched however to try 'ncat' in addition to (or instead
> of) 'nc'. That would solve the problem with the symlink and you could have
> parallel netcat and nmap-netcat instalations (if you would want that for
> whatever reason...).

We don't have control over virt-manager. It is a Python script
runing on a remote machine which can even run a different OS. It
accesses the KVM host (the machine running our Buildroot-built OS)
using a command line like this one:

   ssh -l johnny -- host.example.com sh -c 'if 'nc' -q 2>&1 | grep "requires an argument" >/dev/null 2>&1; then ARG=-q0;else ARG=;fi;'nc' $ARG -U /var/run/libvirt/libvirt-sock'

Then it communicates with libvirtd through the tunnel composed by
the socket created by ssh and the redirected stdout/stdin created
by nc.

The search for "requires an argument" detects netcat-openbsd
(Debian/Ubuntu).

-- 
Carlos Santos (Casantos) - DATACOM, P&D
?The greatest triumph that modern PR can offer is the transcendent 
success of having your words and actions judged by your reputation, 
rather than the other way about.? ? Christopher Hitchens