rpms / qemu

Clone
Source Code
GIT

#9 Fix FTBFS errors for F33/Rawhide and ELN
Closed 3 years ago by berrange. Opened 3 years ago by merlinm.
rpms/ merlinm/qemu eln  into  master

file added
+171 
@@ -0,0 +1,171 @@ 
 

+ From 3e018afbfe005a3448949bfe3954888b9d8460c4 Mon Sep 17 00:00:00 2001
 

+ From: =?utf8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
 

+ Date: Wed, 15 Jul 2020 16:47:01 +0100
 

+ Subject: [PATCH] crypto: use a stronger private key for tests
 

+ MIME-Version: 1.0
 

+ Content-Type: text/plain; charset=utf8
 

+ Content-Transfer-Encoding: 8bit
 

+ 

+ The unit tests using the x509 crypto functionality have started
 

+ failing in Fedora 33 rawhide with a message like
 

+ 

+       The certificate uses an insecure algorithm
 

+ 

+ This is result of Fedora changes to support strong crypto [1]. RSA
 

+ with 1024 bit key is viewed as legacy and thus insecure. Generate
 

+ a new private key which is 3072 bits long and reasonable future
 

+ proof.
 

+ 

+ [1] https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
 

+ 

+ Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
 

+ Message-Id: <20200715154701.1041325-1-berrange@redhat.com>
 

+ Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com>
 

+ Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
 

+ Signed-off-by: Kevin Wolf <kwolf@redhat.com>
 

+ ---
 

+  tests/crypto-tls-x509-helpers.c | 59 ++++++++++++++++++++++++++++-------------
 

+  tests/qemu-iotests/common.tls   | 57 ++++++++++++++++++++++++++-------------
 

+  2 files changed, 79 insertions(+), 37 deletions(-)
 

+ 

+ diff --git a/tests/crypto-tls-x509-helpers.c b/tests/crypto-tls-x509-helpers.c
 

+ index 9b669c2..01b3daf 100644
 

+ --- a/tests/crypto-tls-x509-helpers.c
 

+ +++ b/tests/crypto-tls-x509-helpers.c
 

+ @@ -37,25 +37,46 @@ ASN1_TYPE pkix_asn1;
 

+   * here's one we prepared earlier :-)
 

+   */
 

+  gnutls_x509_privkey_t privkey;
 

+ -# define PRIVATE_KEY                                              \
 

+ -    "-----BEGIN PRIVATE KEY-----\n"                               \
 

+ -    "MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALVcr\n"     \
 

+ -    "BL40Tm6yq88FBhJNw1aaoCjmtg0l4dWQZ/e9Fimx4ARxFpT+ji4FE\n"     \
 

+ -    "Cgl9s/SGqC+1nvlkm9ViSo0j7MKDbnDB+VRHDvMAzQhA2X7e8M0n9\n"     \
 

+ -    "rPolUY2lIVC83q0BBaOBkCj2RSmT2xTEbbC2xLukSrg2WP/ihVOxc\n"     \
 

+ -    "kXRuyFtzAgMBAAECgYB7slBexDwXrtItAMIH6m/U+LUpNe0Xx48OL\n"     \
 

+ -    "IOn4a4whNgO/o84uIwygUK27ZGFZT0kAGAk8CdF9hA6ArcbQ62s1H\n"     \
 

+ -    "myxrUbF9/mrLsQw1NEqpuUk9Ay2Tx5U/wPx35S3W/X2AvR/ZpTnCn\n"     \
 

+ -    "2q/7ym9fyiSoj86drD7BTvmKXlOnOwQJBAPOFMp4mMa9NGpGuEssO\n"     \
 

+ -    "m3Uwbp6lhcP0cA9MK+iOmeANpoKWfBdk5O34VbmeXnGYWEkrnX+9J\n"     \
 

+ -    "bM4wVhnnBWtgBMCQQC+qAEmvwcfhauERKYznMVUVksyeuhxhCe7EK\n"     \
 

+ -    "mPh+U2+g0WwdKvGDgO0PPt1gq0ILEjspMDeMHVdTwkaVBo/uMhAkA\n"     \
 

+ -    "Z5SsZyCP2aTOPFDypXRdI4eqRcjaEPOUBq27r3uYb/jeboVb2weLa\n"     \
 

+ -    "L1MmVuHiIHoa5clswPdWVI2y0em2IGoDAkBPSp/v9VKJEZabk9Frd\n"     \
 

+ -    "a+7u4fanrM9QrEjY3KhduslSilXZZSxrWjjAJPyPiqFb3M8XXA26W\n"     \
 

+ -    "nz1KYGnqYKhLcBAkB7dt57n9xfrhDpuyVEv+Uv1D3VVAhZlsaZ5Pp\n"     \
 

+ -    "dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci\n"         \
 

+ -    "-----END PRIVATE KEY-----\n"
 

+ +# define PRIVATE_KEY \
 

+ +    "-----BEGIN RSA PRIVATE KEY-----\n" \
 

+ +    "MIIG5AIBAAKCAYEAyjWyLSNm5PZvYUKUcDWGqbLX10b2ood+YaFjWSnJrqx/q3qh\n" \
 

+ +    "rVGBJglD25AJENJsmZF3zPP1oMhfIxsXu63Hdkb6Rdlc2RUoUP34x9VC1izH25mR\n" \
 

+ +    "6c8DPDp1d6IraZ/llDMI1HsBFz0qGWtvOHgm815XG4PAr/N8rDsuqfv/cJ01KlnO\n" \
 

+ +    "0OdO5QRXCJf9g/dYd41MPu7wOXk9FqjQlmRoP59HgtJ+zUpE4z+Keruw9cMT9VJj\n" \
 

+ +    "0oT+pQ9ysenqeZ3gbT224T1khrEhT5kifhtFLNyDssRchUUWH0hiqoOO1vgb+850\n" \
 

+ +    "W6/1VdxvuPam48py4diSPi1Vip8NITCOBaX9FIpVp4Ruw4rTPVMNMjq9Cpx/DwMP\n" \
 

+ +    "9MbfXfnaVaZaMrmq67/zPhl0eVbUrecH2hQ3ZB9oIF4GkNskzlWF5+yPy6zqk304\n" \
 

+ +    "AKaiFR6jRyh3YfHo2XFqV8x/hxdsIEXOtEUGhSIcpynsW+ckUCartzu7xbhXjd4b\n" \
 

+ +    "kxJT89+riPFYij09AgMBAAECggGBAKyFkaZXXROeejrmHlV6JZGlp+fhgM38gkRz\n" \
 

+ +    "+Jp7P7rLLAY3E7gXIPQ91WqAAmwazFNdvHPd9USfkCQYmnAi/VoZhrCPmlsQZRxt\n" \
 

+ +    "A5QjjOnEvSPMa6SrXZxGWDCg6R8uMCb4P+FhrPWR1thnRDZOtRTQ+crc50p3mHgt\n" \
 

+ +    "6ktXWIJRbqnag8zSfQqCYGtRmhe8sfsWT+Yl4El4+jjaAVU/B364u7+PLmaiphGp\n" \
 

+ +    "BdJfTsTwEpgtGkPj+osDmhzXcZkfq3V+fz5JLkemsCiQKmn4VJRpg8c3ZmE8NPNt\n" \
 

+ +    "gRtGWZ4W3WKDvhotT65WpQx4+6R8Duux/blNPBmH1Upmwd7kj7GYFBArbCjgd9PT\n" \
 

+ +    "xgfCSUZpgOZHHkcgSB+022a8XncXna7WYYij28SLtwImFyu0nNtqECFQHH5u+k6C\n" \
 

+ +    "LRYBSN+3t3At8dQuk01NVrJBndmjmXRfxpqUtTdeaNgVpdUYRY98s30G68NYGSra\n" \
 

+ +    "aEvhhRSghkcLNetkobpY9pUgeqW/tQKBwQDZHHK9nDMt/zk1TxtILeUSitPXcv1/\n" \
 

+ +    "8ufXqO0miHdH23XuXhIEA6Ef26RRVGDGgpjkveDJK/1w5feJ4H/ni4Vclil/cm38\n" \
 

+ +    "OwRqjjd7ElHJX6JQbsxEx/gNTk5/QW1iAL9TXUalgepsSXYT6AJ0/CJv0jmJSJ36\n" \
 

+ +    "YoKMOM8uqzb2KhN6i+RlJRi5iY53kUhWTJq5ArWvNhUzQNSYODI4bNxlsKSBL2Ik\n" \
 

+ +    "LZ5QKHuaEjQet0IlPlfIb4PzMm8CHa/urOcCgcEA7m3zW/lL5bIFoKPjWig5Lbn1\n" \
 

+ +    "aHfrG2ngqzWtgWtfZqMH8OkZc1Mdhhmvd46titjiLjeI+UP/uHXR0068PnrNngzl\n" \
 

+ +    "tTgwlakzu+bWzqhBm1F+3/341st/FEk07r0P/3/PhezVjwfO8c8Exj7pLxH4wrH0\n" \
 

+ +    "ROHgDbClmlJRu6OO78wk1+Vapf5DWa8YfA+q+fdvr7KvgGyytheKMT/b/dsqOq7y\n" \
 

+ +    "qZPjmaJKWAvV3RWG8lWHFSdHx2IAHMHfGr17Y/w7AoHBALzwZeYebeekiVucGSjq\n" \
 

+ +    "T8SgLhT7zCIx+JMUPjVfYzaUhP/Iu7Lkma6IzWm9nW6Drpy5pUpMzwUWDCLfzU9q\n" \
 

+ +    "eseFIl337kEn9wLn+t5OpgAyCqYmlftxbqvdrrBN9uvnrJjWvqk/8wsDrw9JxAGc\n" \
 

+ +    "fjeD4nBXUqvYWLXApoR9mZoGKedmoH9pFig4zlO9ig8YITnKYuQ0k6SD0b8agJHc\n" \
 

+ +    "Ir0YSUDnRGgpjvFBGbeOCe+FGbohk/EpItJc3IAh5740lwKBwAdXd2DjokSmYKn7\n" \
 

+ +    "oeqKxofz6+yVlLW5YuOiuX78sWlVp87xPolgi84vSEnkKM/Xsc8+goc6YstpRVa+\n" \
 

+ +    "W+mImoA9YW1dF5HkLeWhTAf9AlgoAEIhbeIfTgBv6KNZSv7RDrDPBBxtXx/vAfSg\n" \
 

+ +    "x0ldwk0scZsVYXLKd67yzfV7KdGUdaX4N/xYgfZm/9gCG3+q8NN2KxVHQ5F71BOE\n" \
 

+ +    "JeABOaGo9WvnU+DNMIDZjHJMUWVw4MHz/a/UArDf/2CxaPVBNQKBwASg6j4ohSTk\n" \
 

+ +    "J7aE6RQ3OBmmDDpixcoCJt9u9SjHVYMlbs5CEJGVSczk0SG3y8P1lOWNDSRnMksZ\n" \
 

+ +    "xWnHdP/ogcuYMuvK7UACNAF0zNddtzOhzcpNmejFj+WCHYY/UmPr2/Kf6t7Cxk2K\n" \
 

+ +    "3cZ4tqWsiTmBT8Bknmah7L5DrhS+ZBJliDeFAA8fZHdMH0Xjr4UBp9kF90EMTdW1\n" \
 

+ +    "Xr5uz7ZrMsYpYQI7mmyqV9SSjUg4iBXwVSoag1iDJ1K8Qg/L7Semgg==\n" \
 

+ +    "-----END RSA PRIVATE KEY-----\n"
 

+  

+  /*
 

+   * This loads the private key we defined earlier
 

+ diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls
 

+ index 54c331d..6ba28a7 100644
 

+ --- a/tests/qemu-iotests/common.tls
 

+ +++ b/tests/qemu-iotests/common.tls
 

+ @@ -50,24 +50,45 @@ tls_x509_init()
 

+      # use a fixed key so we don't waste system entropy on
 

+      # each test run
 

+      cat > "${tls_dir}/key.pem" <<EOF
 

+ ------BEGIN PRIVATE KEY-----
 

+ -MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALVcr
 

+ -BL40Tm6yq88FBhJNw1aaoCjmtg0l4dWQZ/e9Fimx4ARxFpT+ji4FE
 

+ -Cgl9s/SGqC+1nvlkm9ViSo0j7MKDbnDB+VRHDvMAzQhA2X7e8M0n9
 

+ -rPolUY2lIVC83q0BBaOBkCj2RSmT2xTEbbC2xLukSrg2WP/ihVOxc
 

+ -kXRuyFtzAgMBAAECgYB7slBexDwXrtItAMIH6m/U+LUpNe0Xx48OL
 

+ -IOn4a4whNgO/o84uIwygUK27ZGFZT0kAGAk8CdF9hA6ArcbQ62s1H
 

+ -myxrUbF9/mrLsQw1NEqpuUk9Ay2Tx5U/wPx35S3W/X2AvR/ZpTnCn
 

+ -2q/7ym9fyiSoj86drD7BTvmKXlOnOwQJBAPOFMp4mMa9NGpGuEssO
 

+ -m3Uwbp6lhcP0cA9MK+iOmeANpoKWfBdk5O34VbmeXnGYWEkrnX+9J
 

+ -bM4wVhnnBWtgBMCQQC+qAEmvwcfhauERKYznMVUVksyeuhxhCe7EK
 

+ -mPh+U2+g0WwdKvGDgO0PPt1gq0ILEjspMDeMHVdTwkaVBo/uMhAkA
 

+ -Z5SsZyCP2aTOPFDypXRdI4eqRcjaEPOUBq27r3uYb/jeboVb2weLa
 

+ -L1MmVuHiIHoa5clswPdWVI2y0em2IGoDAkBPSp/v9VKJEZabk9Frd
 

+ -a+7u4fanrM9QrEjY3KhduslSilXZZSxrWjjAJPyPiqFb3M8XXA26W
 

+ -nz1KYGnqYKhLcBAkB7dt57n9xfrhDpuyVEv+Uv1D3VVAhZlsaZ5Pp
 

+ -dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci
 

+ ------END PRIVATE KEY-----
 

+ +-----BEGIN RSA PRIVATE KEY-----
 

+ +MIIG5AIBAAKCAYEAyjWyLSNm5PZvYUKUcDWGqbLX10b2ood+YaFjWSnJrqx/q3qh
 

+ +rVGBJglD25AJENJsmZF3zPP1oMhfIxsXu63Hdkb6Rdlc2RUoUP34x9VC1izH25mR
 

+ +6c8DPDp1d6IraZ/llDMI1HsBFz0qGWtvOHgm815XG4PAr/N8rDsuqfv/cJ01KlnO
 

+ +0OdO5QRXCJf9g/dYd41MPu7wOXk9FqjQlmRoP59HgtJ+zUpE4z+Keruw9cMT9VJj
 

+ +0oT+pQ9ysenqeZ3gbT224T1khrEhT5kifhtFLNyDssRchUUWH0hiqoOO1vgb+850
 

+ +W6/1VdxvuPam48py4diSPi1Vip8NITCOBaX9FIpVp4Ruw4rTPVMNMjq9Cpx/DwMP
 

+ +9MbfXfnaVaZaMrmq67/zPhl0eVbUrecH2hQ3ZB9oIF4GkNskzlWF5+yPy6zqk304
 

+ +AKaiFR6jRyh3YfHo2XFqV8x/hxdsIEXOtEUGhSIcpynsW+ckUCartzu7xbhXjd4b
 

+ +kxJT89+riPFYij09AgMBAAECggGBAKyFkaZXXROeejrmHlV6JZGlp+fhgM38gkRz
 

+ ++Jp7P7rLLAY3E7gXIPQ91WqAAmwazFNdvHPd9USfkCQYmnAi/VoZhrCPmlsQZRxt
 

+ +A5QjjOnEvSPMa6SrXZxGWDCg6R8uMCb4P+FhrPWR1thnRDZOtRTQ+crc50p3mHgt
 

+ +6ktXWIJRbqnag8zSfQqCYGtRmhe8sfsWT+Yl4El4+jjaAVU/B364u7+PLmaiphGp
 

+ +BdJfTsTwEpgtGkPj+osDmhzXcZkfq3V+fz5JLkemsCiQKmn4VJRpg8c3ZmE8NPNt
 

+ +gRtGWZ4W3WKDvhotT65WpQx4+6R8Duux/blNPBmH1Upmwd7kj7GYFBArbCjgd9PT
 

+ +xgfCSUZpgOZHHkcgSB+022a8XncXna7WYYij28SLtwImFyu0nNtqECFQHH5u+k6C
 

+ +LRYBSN+3t3At8dQuk01NVrJBndmjmXRfxpqUtTdeaNgVpdUYRY98s30G68NYGSra
 

+ +aEvhhRSghkcLNetkobpY9pUgeqW/tQKBwQDZHHK9nDMt/zk1TxtILeUSitPXcv1/
 

+ +8ufXqO0miHdH23XuXhIEA6Ef26RRVGDGgpjkveDJK/1w5feJ4H/ni4Vclil/cm38
 

+ +OwRqjjd7ElHJX6JQbsxEx/gNTk5/QW1iAL9TXUalgepsSXYT6AJ0/CJv0jmJSJ36
 

+ +YoKMOM8uqzb2KhN6i+RlJRi5iY53kUhWTJq5ArWvNhUzQNSYODI4bNxlsKSBL2Ik
 

+ +LZ5QKHuaEjQet0IlPlfIb4PzMm8CHa/urOcCgcEA7m3zW/lL5bIFoKPjWig5Lbn1
 

+ +aHfrG2ngqzWtgWtfZqMH8OkZc1Mdhhmvd46titjiLjeI+UP/uHXR0068PnrNngzl
 

+ +tTgwlakzu+bWzqhBm1F+3/341st/FEk07r0P/3/PhezVjwfO8c8Exj7pLxH4wrH0
 

+ +ROHgDbClmlJRu6OO78wk1+Vapf5DWa8YfA+q+fdvr7KvgGyytheKMT/b/dsqOq7y
 

+ +qZPjmaJKWAvV3RWG8lWHFSdHx2IAHMHfGr17Y/w7AoHBALzwZeYebeekiVucGSjq
 

+ +T8SgLhT7zCIx+JMUPjVfYzaUhP/Iu7Lkma6IzWm9nW6Drpy5pUpMzwUWDCLfzU9q
 

+ +eseFIl337kEn9wLn+t5OpgAyCqYmlftxbqvdrrBN9uvnrJjWvqk/8wsDrw9JxAGc
 

+ +fjeD4nBXUqvYWLXApoR9mZoGKedmoH9pFig4zlO9ig8YITnKYuQ0k6SD0b8agJHc
 

+ +Ir0YSUDnRGgpjvFBGbeOCe+FGbohk/EpItJc3IAh5740lwKBwAdXd2DjokSmYKn7
 

+ +oeqKxofz6+yVlLW5YuOiuX78sWlVp87xPolgi84vSEnkKM/Xsc8+goc6YstpRVa+
 

+ +W+mImoA9YW1dF5HkLeWhTAf9AlgoAEIhbeIfTgBv6KNZSv7RDrDPBBxtXx/vAfSg
 

+ +x0ldwk0scZsVYXLKd67yzfV7KdGUdaX4N/xYgfZm/9gCG3+q8NN2KxVHQ5F71BOE
 

+ +JeABOaGo9WvnU+DNMIDZjHJMUWVw4MHz/a/UArDf/2CxaPVBNQKBwASg6j4ohSTk
 

+ +J7aE6RQ3OBmmDDpixcoCJt9u9SjHVYMlbs5CEJGVSczk0SG3y8P1lOWNDSRnMksZ
 

+ +xWnHdP/ogcuYMuvK7UACNAF0zNddtzOhzcpNmejFj+WCHYY/UmPr2/Kf6t7Cxk2K
 

+ +3cZ4tqWsiTmBT8Bknmah7L5DrhS+ZBJliDeFAA8fZHdMH0Xjr4UBp9kF90EMTdW1
 

+ +Xr5uz7ZrMsYpYQI7mmyqV9SSjUg4iBXwVSoag1iDJ1K8Qg/L7Semgg==
 

+ +-----END RSA PRIVATE KEY-----
 

+  EOF
 

+  }
 

+  

+ -- 

+ 1.8.3.1
 

+

file modified
+8 -9 
@@ -161,7 +161,7 @@ 
 

  Summary: QEMU is a FAST! processor emulator
 

  Name: qemu
 

  Version: 5.0.0
 

- Release: 2%{?rcrel}%{?dist}
 

+ Release: 3%{?rcrel}%{?dist}
 

  Epoch: 2
 

  License: GPLv2 and BSD and MIT and CC-BY
 

  URL: http://www.qemu.org/
 
@@ -190,6 +190,9 @@ 
 

  Patch0001: 0001-aio-posix-don-t-duplicate-fd-handler-deletion-in-fdm.patch
 

  Patch0002: 0002-aio-posix-disable-fdmon-io_uring-when-GSource-is-use.patch
 

  

+ # Upstream patch to use use a stronger private key for tests
 

+ # https://git.qemu.org/?p=qemu.git;a=commit;h=3e018afbfe005a3448949bfe3954888b9d8460c4
 

+ Patch0003: 0003-crypto-use-a-stronger-private-key-for-tests.patch
 

  

  # documentation deps
 

  BuildRequires: texinfo
 
@@ -318,15 +321,9 @@ 
 

  # qemu 4.0: Use for qauth infrastructure
 

  BuildRequires: pam-devel
 

  # qemu 4.0: user-mode networking
 

- %if 0%{?fedora} > 30
 

  BuildRequires: libslirp-devel
 

- %endif
 

  # qemu 4.0: sphinx-build used for some docs
 

- %if 0%{?fedora} > 30
 

  BuildRequires: python3-sphinx
 

- %else
 

- BuildRequires: python2-sphinx
 

- %endif
 

  # qemu 4.0: Used by test suite ./scripts/tap-driver.pl
 

  BuildRequires: perl-Test-Harness
 

  # Required for making python shebangs versioned
 
@@ -1145,9 +1142,7 @@ 
 

  %ifarch s390 %{mips64}
 

      --enable-tcg-interpreter \
 

  %endif
 

- %if 0%{?fedora} > 30
 

      --enable-slirp=system \
 

- %endif
 

  

  echo "config-host.mak contents:"
 

  echo "==="
 
@@ -1839,6 +1834,10 @@ 
 

  

  

  %changelog
 

+ * Mon Jul 20 2020 Merlin Mathesius <mmathesi@redhat.com> - 5.0.0-3
 

+ - Conditional cleanup
 

+ - Patch to fix weak private key causing test failures
 

+ 

  * Wed May 13 2020 Cole Robinson <crobinso@redhat.com> - 5.0.0-2
 

  - Fix iouring hang (bz #1823751)

This PR make the following minor updates to fix FTBFS errors for F33/Rawhide and ELN.

  • Conditional fixes in SPEC to build for ELN
  • BuildRequires kernel-headers instead of kernel--which isn't available for all arches
  • Update the hard-coded private key used by tests from 1024-bit to 2048-bit. It is currently causing build test failures for Rawhide (and ELN, once the above fixes are made) with the message "The certificate uses an insecure algorithm".

Failed scratch build for Rawhide before this PR: https://koji.fedoraproject.org/koji/taskinfo?taskID=46927151
Failed build for ELN before this PR: https://koji.fedoraproject.org/koji/taskinfo?taskID=46400096

Successful scratch build for Rawhide with this PR: https://koji.fedoraproject.org/koji/taskinfo?taskID=47128458
Successful scratch build for ELN with the PR: https://koji.fedoraproject.org/koji/taskinfo?taskID=47128123

We don't have any %rhel conditionals in the Fedora qemu.spec file, because this is exclusively for Fedora. RHEL has a completely different spec file for building QEMU that has nothing in common. i don't think we really want to start adding them for ELN either, it should simply not be built in ELN as it bears no resemblance to what future RHEL will ship for QEMU.

In fact those existing Fedora conditionals should all be purged as we don't care about any Fedora version that is EOL

rebased onto 5e41950e29e4efc2e0d8a7ee425bb24126798ee1
3 years ago

@berrange Thank you for the feedback. It is still valid to include QEMU for ELN as a "RHEL-flavored" Rawhide. I updated this PR to purge the Fedora conditionals--which takes care of ELN's needs as well.

The ELN project is on a modest time schedule.
It sounds like everyone agreed on the change, but the pull request was not merged.
Unless there are further objections, would someone be willing to merge this within a week.

Hmm, I added further comments, but they don't appear to have ever appeared.

The change from kernel to kernel-headers is wrong. The %check phase boots QEMU using a kernel image, so kernel-headers won't satisfy this.

I'm puzzelled why this change was needed, since every arch we care about should have a kernel.

It is puzzling. The kernel builds for ELN (for example, https://koji.fedoraproject.org/koji/buildinfo?buildID=1542651) don't produce a kernel for armv7hl and i686.

I'm surprised armv7hl is built at all in ELN since it has never been relevant for RHEL, but if it is being built I'd expect it to have a kernel available just like Fedora rawhide does.

i686 is needed for multi-lib packages for x86_64, and even Fedora doesn't ship a kernel for i686, so QEMU already excludes it.

So IMHO either ELN should stop doing armv7hl, or should pull in the kernel just like Fedora has. Having ELN diverge from Fedora rawhide in this place just looks wrong.

@berrange Thanks for that feedback. We'll look into the kernel inconsistencies for ELN. I'll revert the kernel-headers change and update this PR to just clean up the conditionals and patch the weak key that's causing FTBFS in Rawhide, too.

BTW the weak key is fixed upstream with this commit: https://git.qemu.org/?p=qemu.git;a=commit;h=3e018afbfe005a3448949bfe3954888b9d8460c4

So ideally just cherry pick that patch

Thanks for that. I looked for a fix like that earlier, but didn't find it.

rebased onto 4e465fd
3 years ago

@berrange - Hi, a bit of background on the armv7hl change for ARK.

The spirit was to reduce risk/churn for rhel-9 in case 32-bit arm becomes a thing due. The first easy step was to have the kernel build armv7hl kernel headers and nothing else. This sets the foundation for building armv7hl userspace packages. Later the kernel could build a full blown binary if the BU decides that.

Therefore the idea was to treat armv7hl like i686 for ELN kernels (Fedora does full binaries for armv7hl). I didn't realize how disruptive it was downstream.

Could you comment out armv7hl like you did for i686 in ELN? Or is that problematic?

Of course we could put a %if %{eln} checks in there to comment out arm7hl, but I'd rather like to be able to 100% ignore ELN and have it just use rawhide specs unchanged. The Fedora QEMU package has essentially zero relevance to RHEL, as we have a completely separate QEMU package for RHEL, so anything we do to workaround ELN is no upside from our POV as maintainers in Fedora.

I don't have an answer for you. For the kernel, we went in the opposite direction and are leveraging the Fedora spec file to prep us for the RHEL kernel instead of keeping separate files as we have done in the past.

ELN is our hook to separate the Fedora pieces from RHEL.

I am not sure how to resolve this conflict of philosophies. :-(

It is probably a larger burden for the kernel team to build a full kernel for arm7, so reluctantly I think the least worst option is to use %{?eln} in the QEMU spec file to exclude the kernel.

It was suggested to me to somehow create a macro %{kernel_arches} that would change between Fedora and ELN. The macro would live in redhat-rpm-config. Then QEMU would only need to build whatever that macro had defined.

A nodejs example:
https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/macros.nodejs-srpm

Not sure if this makes it easier or more difficult. Just throwing out ideas.

Yes, a %{kernel_arches} is probably a useful thing to have even ignoring ELN, since that'd avoid us needing to hardcode the check for i686 that we currently have.

We could use a %{kernel_arches} macro for libguestfs & supermin too.

These changes are now merged

Pull-Request has been closed by berrange
3 years ago

@berrange Thank you for merging those fixes. The %{kernel_arches} macro is still in the pipeline, but is delayed because there hasn't been a successful Rawhide compose for the past 10 days. (It looks like there may have finally been one today!) I'll submit a new PR to change the %ifnarch %{ix86} line to %ifarch %{kernel_arches} when it does become available.

Sounds good to me.
Changes Summary 2
+171
file added
0003-crypto-use-a-stronger-private-key-for-tests.patch
+8 -9
file changed
qemu.spec
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.