#58 qemu-ga: Replace --blacklist with --allow-rpcs / --block-rpcs
Opened 3 months ago by gvegidy. Modified 2 months ago
rpms/ gvegidy/qemu rawhide  into  rawhide

file modified
+8 -4
@@ -1,11 +1,15 @@ 

  # This is a systemd environment file, not a shell script.

  # It provides settings for "/lib/systemd/system/qemu-guest-agent.service".

  

- # Comma-separated blacklist of RPCs to disable, or empty list to enable all.

+ # Comma-separated block & allow lists of RPCs.

  #

- # You can get the list of RPC commands using "qemu-ga --blacklist='?'".

- # There should be no spaces between commas and commands in the blacklist.

- #BLACKLIST_RPC=guest-file-open,guest-file-close,guest-file-read,guest-file-write,guest-file-seek,guest-file-flush,guest-exec,guest-exec-status

+ # You can either use the blocklist or the allowlist, but not both.

+ # Use neither option to allow all RPCs.

+ #

+ # You can get the list of RPC commands using "qemu-ga --block-rpcs='?'".

+ # There should be no spaces between commas and commands in the lists.

+ #QEMU_GA_ARGS=--block-rpcs\=guest-file-open,guest-file-close,guest-file-read,guest-file-write,guest-file-seek,guest-file-flush,guest-exec,guest-exec-status

+ #QEMU_GA_ARGS=--allow-rpcs\=guest-info,guest-shutdown,guest-ping,guest-sync,guest-sync-delimited

  

  # Fsfreeze hook script specification.

  #
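Review bot: Both example lines in the new comment block assign the same variable, QEMU_GA_ARGS, so the two assignments cannot both take effect if an admin uncomments the --block-rpcs line and the --allow-rpcs line together. State explicitly that QEMU_GA_ARGS holds extra qemu-ga command-line arguments and that only one of the two example lines may be uncommented. The comment should also say that BLACKLIST_RPC from older files is still honoured and must not be combined with --allow-rpcs, and explain why the '=' is written as '\=' in these values.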

file modified
+7 -3
@@ -6,12 +6,16 @@ 

  

  [Service]

  UMask=0077

+ # The Environment= line prevents a warning in case of unused variables

+ Environment=QEMU_GA_ARGS= BLACKLIST_RPC=

  EnvironmentFile=/etc/sysconfig/qemu-ga

- ExecStart=/usr/bin/qemu-ga \

+ # handling for BLACKLIST_RPC is for compatibility with old sysconfig files

+ ExecStart=/usr/bin/bash -c "/usr/bin/qemu-ga \

    --method=virtio-serial \

    --path=/dev/virtio-ports/org.qemu.guest_agent.0 \

-   --blacklist=${BLACKLIST_RPC} \

-   -F${FSFREEZE_HOOK_PATHNAME}

+     ${BLACKLIST_RPC:+--block-rpcs=${BLACKLIST_RPC}} \

+     ${QEMU_GA_ARGS} \

+   -F${FSFREEZE_HOOK_PATHNAME}"

  Restart=always

  RestartSec=0

  
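Review bot: Inside the new bash -c string the expansions ${BLACKLIST_RPC:+...}, ${QEMU_GA_ARGS} and ${FSFREEZE_HOOK_PATHNAME} are unquoted, so values from /etc/sysconfig/qemu-ga are now re-parsed by a shell (word splitting and globbing at the least) instead of reaching qemu-ga as plain arguments. Quote the expansions that must stay a single argument, the -F path in particular, and start the command with exec so that qemu-ga is guaranteed to replace the shell as the service's main process. Also, an old file that sets BLACKLIST_RPC next to a QEMU_GA_ARGS=--allow-rpcs=... line yields both --block-rpcs and --allow-rpcs, which the sysconfig comment says cannot be combined; with Restart=always and RestartSec=0 a startup failure there would loop, so reject or document that combination.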

file modified
+6 -1
@@ -361,7 +361,7 @@ 

  %endif

  

  # To prevent rpmdev-bumpspec breakage

- %global baserelease 8

+ %global baserelease 9

  

  Summary: QEMU is a FAST! processor emulator

  Name: qemu
@@ -3164,6 +3164,11 @@ 

  

  

  %changelog

+ * Wed Feb 21 2024 Gerd v. Egidy <gerd@egidy.de> - 8.2.0-9

+ - qemu-ga: Replace --blacklist with --allow-rpcs / --block-rpcs

+   but keep compatibility with old sysconfig files using BLACKLIST_RPC

+   (https://bugzilla.redhat.com/show_bug.cgi?id=2258100)

+ 

  * Wed Feb 21 2024 Richard W.M. Jones <rjones@redhat.com> - 2:8.2.0-8

  - Fix user-emulation of FIFREEZE and FITHAW ioctls

  
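Review bot: The new %changelog entry gives the version as 8.2.0-9, while the entry directly below it uses 2:8.2.0-8 with the epoch prefix. Write 2:8.2.0-9 so the entries stay consistent.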

but keep compatibility with old sysconfig files using BLACKLIST_RPC
(https://bugzilla.redhat.com/show_bug.cgi?id=2258100)

Adapted pull request after discussion in https://src.fedoraproject.org/rpms/qemu/pull-request/57

rebased onto 04399c9

3 months ago

I had to force push because I made a mistake in the date in the %changelog section.

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/59171789e04744098dc4a42477449ad3

The failure reason for the rpm-tmt-test seems to be:

Too many packages to install: 206 (threshold 100). Please use 'repository-file' artifact instead."

This doesn't look to me like it is an issue introduced by my commit.

rebased onto 4f4febc

3 months ago

Rebased to account for other changes to the qemu git.

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/904d457d073d4a65ba1ab375f84b07c7

Reason for the scratch build fail seems to be some dependency issue in Rawhide, not anything in qemu or my change:

DEBUG util.py:461:  Problem: package systemtap-5.0~pre16958465gca71442b-1.fc40.x86_64 requires systemtap-devel = 5.0~pre16958465gca71442b-1.fc40, but none of the providers can be installed
DEBUG util.py:461:    - conflicting requests
DEBUG util.py:461:    - nothing provides libboost_system.so.1.81.0()(64bit) needed by systemtap-devel-5.0~pre16958465gca71442b-1.fc40.x86_64

I've just tested and confirmed that systemd does NOT allow arbitrary shell var expansion, so the following does not work:

  • ${BLACKLIST_RPC:+--block-rpcs=${BLACKLIST_RPC}}

So there's basically no way to make this work in a back compatible manner while still allowing users the option to use --allow-rpcs instead AFAICT.

I've just tested and confirmed that systemd does NOT allow arbitrary shell var expansion,

Exactly.

This is why I modified my code to let systemd fork via bash instead:

 ExecStart=/usr/bin/bash -c "/usr/bin/qemu-ga \

This isn't perfect of course, but it allows keeping backwards compatibility. I tested the code and using BLACKLIST_RPC in the sysconfig-file works as expected.

I think gaining the backwards compatibility warrants the unaesthetic way of forking via bash. Do you concur?
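The compatibility mapping discussed in the comments above, as an added example that is not part of the pull request: a POSIX sh helper (hypothetical name `build_rpc_args`) that turns a legacy BLACKLIST_RPC value into --block-rpcs, passes QEMU_GA_ARGS through without glob expansion, and rejects a block list combined with --allow-rpcs. The set of characters accepted in RPC names is an assumption based on the command names shown in the sysconfig file.

```shell
#!/bin/sh
# Added example, not code from the pull request.
# build_rpc_args is a hypothetical helper name.
# Prints one qemu-ga argument per line; returns 1 on a bad setting.
build_rpc_args() {
    blacklist_rpc=$1      # legacy BLACKLIST_RPC value (may be empty)
    qemu_ga_args=$2       # new QEMU_GA_ARGS value (may be empty)

    # Assumption: RPC lists are lowercase names, digits, '-' and ','.
    # Anything else (spaces, ';', '$', quotes) is refused outright.
    case $blacklist_rpc in
        *[!a-z0-9,-]*)
            echo "invalid character in BLACKLIST_RPC" >&2
            return 1 ;;
    esac

    # The sysconfig comment says block and allow lists cannot be combined,
    # so a leftover BLACKLIST_RPC next to --allow-rpcs is an error.
    case $qemu_ga_args in
        *--allow-rpcs*)
            if [ -n "$blacklist_rpc" ]; then
                echo "BLACKLIST_RPC conflicts with --allow-rpcs" >&2
                return 1
            fi ;;
    esac

    # Legacy variable maps to the new option; nothing is emitted when empty.
    if [ -n "$blacklist_rpc" ]; then
        printf '%s\n' "--block-rpcs=$blacklist_rpc"
    fi

    # QEMU_GA_ARGS is an argument list: split on whitespace, but keep
    # pathname expansion off so a stray '*' is not replaced by file names.
    set -f
    for arg in $qemu_ga_args; do
        printf '%s\n' "$arg"
    done
    set +f
}
```

A wrapper script could feed this output to qemu-ga one argument per line, which keeps the sysconfig values as data instead of shell source.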

rebased onto 908d6f9

2 months ago

Ping.

I just rebased the patch to the current baserelease number.

Is there anything I can do to help to get this merged?

Build succeeded.
https://fedora.softwarefactory-project.io/zuul/buildset/015a249e43264fdb8c2e8aacc8db2265