Add audit support. Add VEPA (802.1Qbg) support. Add numad support. Enable MACVTAP and VEPA by default since it brings in no additional deps. Check for MACVTAP support in the kernel.

(Portage version: 2.1.10.65/cvs/Linux x86_64)

4 files changed, 410 insertions, 8 deletions

diff --git a/app-emulation/libvirt/ChangeLog b/app-emulation/libvirt/ChangeLog
index 8bebbda3f7e1..46001e34d2d6 100644
--- a/app-emulation/libvirt/ChangeLog
+++ b/app-emulation/libvirt/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for app-emulation/libvirt
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/ChangeLog,v 1.188 2012/06/16 20:39:08 floppym Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/ChangeLog,v 1.189 2012/06/26 02:38:34 cardoe Exp $
+
+*libvirt-0.9.12-r1 (25 Jun 2012)
+
+  25 Jun 2012; Doug Goldstein <cardoe@gentoo.org> +libvirt-0.9.12-r1.ebuild,
+  libvirt-9999.ebuild, metadata.xml:
+  Add audit support. Add VEPA (802.1Qbg) support. Add numad support. Enable
+  MACVTAP and VEPA by default since it brings in no additional deps. Check for
+  MACVTAP support in the kernel.
 
   16 Jun 2012; Mike Gilbert <floppym@gentoo.org> libvirt-0.9.12.ebuild,
   libvirt-9999.ebuild:
diff --git a/app-emulation/libvirt/libvirt-0.9.12-r1.ebuild b/app-emulation/libvirt/libvirt-0.9.12-r1.ebuild
new file mode 100644
index 000000000000..efdff589fed6
--- /dev/null
+++ b/app-emulation/libvirt/libvirt-0.9.12-r1.ebuild
@@ -0,0 +1,377 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/libvirt-0.9.12-r1.ebuild,v 1.1 2012/06/26 02:38:34 cardoe Exp $
+
+EAPI=4
+
+#BACKPORTS=1
+#AUTOTOOLIZE=yes
+
+MY_P="${P/_rc/-rc}"
+
+PYTHON_DEPEND="python? 2:2.5"
+#RESTRICT_PYTHON_ABIS="3.*"
+#SUPPORT_PYTHON_ABIS="1"
+
+inherit eutils python user autotools linux-info
+
+if [[ ${PV} = *9999* ]]; then
+	inherit git-2
+	EGIT_REPO_URI="git://libvirt.org/libvirt.git"
+	AUTOTOOLIZE=yes
+	SRC_URI=""
+	KEYWORDS=""
+else
+	SRC_URI="http://libvirt.org/sources/${MY_P}.tar.gz
+		ftp://libvirt.org/libvirt/${MY_P}.tar.gz
+		${BACKPORTS:+
+			http://dev.gentoo.org/~cardoe/distfiles/${MY_P}-bp-${BACKPORTS}.tar.bz2}"
+	KEYWORDS="~amd64 ~x86"
+fi
+S="${WORKDIR}/${P%_rc*}"
+
+DESCRIPTION="C toolkit to manipulate virtual machines"
+HOMEPAGE="http://www.libvirt.org/"
+LICENSE="LGPL-2.1"
+SLOT="0"
+IUSE="audit avahi +caps debug iscsi +libvirtd lvm +lxc +macvtap nfs \
+	nls numa openvz parted pcap phyp policykit python qemu sasl selinux +udev \
+	uml +vepa virtualbox virt-network xen elibc_glibc"
+# IUSE=one : bug #293416 & bug #299011
+REQUIRED_USE="libvirtd? ( || ( lxc openvz qemu uml virtualbox xen ) )
+	lxc? ( caps libvirtd )
+	openvz? ( libvirtd )
+	qemu? ( libvirtd )
+	uml? ( libvirtd )
+	vepa? ( macvtap )
+	virtualbox? ( libvirtd )
+	xen? ( libvirtd )"
+
+# gettext.sh command is used by the libvirt command wrappers, and it's
+# non-optional, so put it into RDEPEND.
+# We can use both libnl:1.1 and libnl:3, but if you have both installed, the
+# package will use 1.1 by default
+RDEPEND="sys-libs/readline
+	sys-libs/ncurses
+	>=net-misc/curl-7.18.0
+	dev-libs/libgcrypt
+	>=dev-libs/libxml2-2.7.6
+	dev-libs/libnl:1.1
+	>=net-libs/gnutls-1.0.25
+	sys-apps/dmidecode
+	>=sys-apps/util-linux-2.17
+	sys-devel/gettext
+	>=net-analyzer/netcat6-1.0-r2
+	app-misc/scrub
+	audit? ( sys-process/audit )
+	avahi? ( >=net-dns/avahi-0.6[dbus] )
+	caps? ( sys-libs/libcap-ng )
+	iscsi? ( sys-block/open-iscsi )
+	lxc? ( sys-power/pm-utils )
+	lvm? ( >=sys-fs/lvm2-2.02.48-r2 )
+	nfs? ( net-fs/nfs-utils )
+	numa? (
+		>sys-process/numactl-2.0.2
+		sys-process/numad
+	)
+	openvz? ( sys-kernel/openvz-sources )
+	parted? (
+		>=sys-block/parted-1.8[device-mapper]
+		sys-fs/lvm2
+	)
+	pcap? ( >=net-libs/libpcap-1.0.0 )
+	phyp? ( net-libs/libssh2 )
+	policykit? ( >=sys-auth/polkit-0.9 )
+	qemu? (
+		|| ( app-emulation/qemu-kvm >=app-emulation/qemu-0.10.0 )
+		dev-libs/yajl
+		sys-power/pm-utils
+	)
+	sasl? ( dev-libs/cyrus-sasl )
+	selinux? ( >=sys-libs/libselinux-2.0.85 )
+	virtualbox? ( || ( app-emulation/virtualbox >=app-emulation/virtualbox-bin-2.2.0 ) )
+	xen? ( app-emulation/xen-tools app-emulation/xen )
+	udev? ( >=sys-fs/udev-145 >=x11-libs/libpciaccess-0.10.9 )
+	virt-network? ( net-dns/dnsmasq
+		>=net-firewall/iptables-1.4.10
+		net-firewall/ebtables
+		sys-apps/iproute2[-minimal] )
+	elibc_glibc? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )"
+# one? ( dev-libs/xmlrpc-c )
+DEPEND="${RDEPEND}
+	virtual/pkgconfig
+	app-text/xhtml1
+	=dev-lang/python-2*"
+
+LXC_CONFIG_CHECK="
+	~CGROUPS
+	~CGROUP_FREEZER
+	~CGROUP_DEVICE
+	~CPUSETS
+	~CGROUP_CPUACCT
+	~RESOURCE_COUNTERS
+	~CGROUP_MEM_RES_CTLR
+	~CGROUP_SCHED
+	~BLK_CGROUP
+	~NAMESPACES
+	~UTS_NS
+	~IPC_NS
+	~USER_NS
+	~PID_NS
+	~NET_NS
+	~DEVPTS_MULTIPLE_INSTANCES
+	~VETH
+	~MACVLAN
+	~POSIX_MQUEUE
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+"
+
+VIRTNET_CONFIG_CHECK="
+	~BRIDGE_NF_EBTABLES
+	~NETFILTER_ADVANCED
+	~NETFILTER_XT_TARGET_CHECKSUM
+"
+
+MACVTAP_CONFIG_CHECK="~MACVTAP"
+
+pkg_setup() {
+	python_set_active_version 2
+	python_pkg_setup
+
+	enewgroup qemu 77
+	enewuser qemu 77 -1 -1 qemu kvm
+
+	CONFIG_CHECK=""
+	use lxc && CONFIG_CHECK+="${LXC_CONFIG_CHECK}"
+	use macvtap && CONFIG_CHECK+="${MACVTAP}"
+	use virt-network && CONFIG_CHECK+="${VIRTNET_CONFIG_CHECK}"
+	if [[ -n ${CONFIG_CHECK} ]]; then
+		linux-info_pkg_setup
+	fi
+}
+
+src_prepare() {
+	[[ -n ${BACKPORTS} ]] && \
+		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
+			epatch
+
+	if [[ ${PV} = *9999* ]]; then
+
+		# git checkouts require bootstrapping to create the configure script.
+		# Additionally the submodules must be cloned to the right locations
+		# bug #377279
+		./bootstrap || die "bootstrap failed"
+		(
+			git submodule status | sed 's/^[ +-]//;s/ .*//'
+			git hash-object bootstrap.conf
+		) >.git-module-status
+	fi
+
+	epatch_user
+
+	[[ -n ${AUTOTOOLIZE} ]] && eautoreconf
+}
+
+src_configure() {
+	local myconf=""
+
+	myconf="${myconf} $(use_enable debug)"
+
+	## enable/disable daemon, otherwise client only utils
+	myconf="${myconf} $(use_with libvirtd)"
+
+	## enable/disable the daemon using avahi to find VMs
+	myconf="${myconf} $(use_with avahi)"
+
+	## hypervisors on the local host
+	myconf="${myconf} $(use_with xen) $(use_with xen xen-inotify)"
+	 # leave it automagic as it depends on the version of xen used.
+	use xen || myconf+=" --without-libxl"
+
+	myconf="${myconf} $(use_with openvz)"
+	myconf="${myconf} $(use_with lxc)"
+	if use virtualbox && has_version app-emulation/virtualbox-ose; then
+		myconf="${myconf} --with-vbox=/usr/lib/virtualbox-ose/"
+	else
+		myconf="${myconf} $(use_with virtualbox vbox)"
+	fi
+	myconf="${myconf} $(use_with uml)"
+	myconf="${myconf} $(use_with qemu)"
+	myconf="${myconf} $(use_with qemu yajl)" # Use QMP over HMP
+	# doesn't belong with hypervisors but links to libvirtd for some reason
+	#myconf="${myconf} $(use_with one)"
+
+	## hypervisor protocols
+	myconf="${myconf} $(use_with phyp)"
+	myconf="${myconf} --with-esx"
+
+	## additional host drivers
+	myconf="${myconf} $(use_with virt-network network)"
+	myconf="${myconf} --with-storage-fs"
+	myconf="${myconf} $(use_with lvm storage-lvm)"
+	myconf="${myconf} $(use_with iscsi storage-iscsi)"
+	myconf="${myconf} $(use_with parted storage-disk)"
+	myconf="${myconf} $(use_with lvm storage-mpath)"
+	#myconf="${myconf} --without-storage-rbd"
+	myconf="${myconf} $(use_with numa numactl)"
+	myconf="${myconf} $(use_with numa numad)"
+	myconf="${myconf} $(use_with selinux)"
+
+	# udev for device support details
+	myconf="${myconf} $(use_with udev)"
+
+	# linux capability support so we don't need privileged accounts
+	myconf="${myconf} $(use_with caps capng)"
+
+	## auth stuff
+	myconf="${myconf} $(use_with policykit polkit)"
+	myconf="${myconf} $(use_with sasl)"
+
+	# network bits
+	myconf="${myconf} $(use_with macvtap)"
+	myconf="${myconf} $(use_with pcap libpcap)"
+	myconf="${myconf} $(use_with vepa virtualport)"
+
+	## other
+	myconf="${myconf} $(use_enable nls)"
+	myconf="${myconf} $(use_with python)"
+
+	# user privilege bits fir qemu/kvm
+	if use caps; then
+		myconf="${myconf} --with-qemu-user=qemu"
+		myconf="${myconf} --with-qemu-group=qemu"
+	else
+		myconf="${myconf} --with-qemu-user=root"
+		myconf="${myconf} --with-qemu-group=root"
+	fi
+
+	# audit support
+	myconf="${myconf} $(use_with audit)"
+
+	## stuff we don't yet support
+	myconf="${myconf} --without-netcf"
+
+	# we use udev over hal
+	myconf="${myconf} --without-hal"
+
+	# locking support
+	myconf="${myconf} --without-sanlock"
+
+	# this is a nasty trick to work around the problem in bug
+	# #275073. The reason why we don't solve this properly is that
+	# it'll require us to rebuild autotools (and we don't really want
+	# to do that right now). The proper solution has been sent
+	# upstream and should hopefully land in 0.7.7, in the mean time,
+	# mime the same functionality with this.
+	case ${CHOST} in
+		*cygwin* | *mingw* )
+			;;
+		*)
+			ac_cv_prog_WINDRES=no
+			;;
+	esac
+
+	econf \
+		${myconf} \
+		--disable-static \
+		--docdir=/usr/share/doc/${PF} \
+		--with-remote \
+		--localstatedir=/var
+
+	if [[ ${PV} = *9999* ]]; then
+		# Restore gnulib's config.sub and config.guess
+		# bug #377279
+		(cd .gnulib && git reset --hard > /dev/null)
+	fi
+}
+
+src_test() {
+	# Explicitly allow parallel build of tests
+	HOME="${T}" emake check || die "tests failed"
+}
+
+src_install() {
+	emake install \
+		DESTDIR="${D}" \
+		HTML_DIR=/usr/share/doc/${PF}/html \
+		DOCS_DIR=/usr/share/doc/${PF}/python \
+		EXAMPLE_DIR=/usr/share/doc/${PF}/python/examples \
+		|| die "emake install failed"
+
+	find "${D}" -name '*.la' -delete || die
+
+	use libvirtd || return 0
+	# From here, only libvirtd-related instructions, be warned!
+
+	newinitd "${FILESDIR}/libvirtd.init-r8" libvirtd || die
+	newconfd "${FILESDIR}/libvirtd.confd-r3" libvirtd || die
+
+	keepdir /var/lib/libvirt/images
+}
+
+pkg_preinst() {
+	# we only ever want to generate this once
+	if [[ -e "${ROOT}"/etc/libvirt/qemu/networks/default.xml ]]; then
+		rm -rf "${D}"/etc/libvirt/qemu/networks/default.xml
+	fi
+
+	# We really don't want to use or support old PolicyKit cause it
+	# screws with the new polkit integration
+	if has_version sys-auth/policykit; then
+		rm -rf "${D}"/usr/share/PolicyKit/policy/org.libvirt.unix.policy
+	fi
+
+	# Only sysctl files ending in .conf work
+	mv "${D}"/etc/sysctl.d/libvirtd "${D}"/etc/sysctl.d/libvirtd.conf
+}
+
+pkg_postinst() {
+	use python && python_mod_optimize libvirt.py
+
+	# support for dropped privileges
+	fperms 0750 "${EROOT}/var/lib/libvirt/qemu"
+	fperms 0750 "${EROOT}/var/cache/libvirt/qemu"
+	if use caps && use qemu; then
+		fowners -R qemu:qemu "${EROOT}/var/lib/libvirt/qemu"
+		fowners -R qemu:qemu "${EROOT}/var/cache/libvirt/qemu"
+	elif use qemu; then
+		fowners -R root:root "${EROOT}/var/lib/libvirt/qemu"
+		fowners -R root:root "${EROOT}/var/cache/libvirt/qemu"
+	fi
+
+	if ! use policykit; then
+		elog "To allow normal users to connect to libvirtd you must change the"
+		elog "unix sock group and/or perms in /etc/libvirt/libvirtd.conf"
+	fi
+
+	use libvirtd || return 0
+	# From here, only libvirtd-related instructions, be warned!
+
+	elog
+	elog "For the basic networking support (bridged and routed networks)"
+	elog "you don't need any extra software. For more complex network modes"
+	elog "including but not limited to NATed network, you can enable the"
+	elog "'virt-network' USE flag."
+	elog
+	if has_version net-dns/dnsmasq; then
+		ewarn "If you have a DNS server setup on your machine, you will have"
+		ewarn "to configure /etc/dnsmasq.conf to enable the following settings: "
+		ewarn " bind-interfaces"
+		ewarn " interface or except-interface"
+		ewarn
+		ewarn "Otherwise you might have issues with your existing DNS server."
+	fi
+
+	if use caps && use qemu; then
+		elog "libvirt will now start qemu/kvm VMs with non-root privileges."
+		elog "Ensure any resources your VMs use are accessible by qemu:qemu"
+	fi
+}
+
+pkg_postrm() {
+	use python && python_mod_cleanup libvirt.py
+}
diff --git a/app-emulation/libvirt/libvirt-9999.ebuild b/app-emulation/libvirt/libvirt-9999.ebuild
index 2a3419ce6ed7..ae22d278b53c 100644
--- a/app-emulation/libvirt/libvirt-9999.ebuild
+++ b/app-emulation/libvirt/libvirt-9999.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/libvirt-9999.ebuild,v 1.35 2012/06/16 20:39:08 floppym Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/libvirt-9999.ebuild,v 1.36 2012/06/26 02:38:33 cardoe Exp $
 
 EAPI=4
 
@@ -34,13 +34,18 @@ DESCRIPTION="C toolkit to manipulate virtual machines"
 HOMEPAGE="http://www.libvirt.org/"
 LICENSE="LGPL-2.1"
 SLOT="0"
-IUSE="avahi +caps debug iscsi +libvirtd lvm +lxc macvtap nfs \
+IUSE="audit avahi +caps debug iscsi +libvirtd lvm +lxc +macvtap nfs \
 	nls numa openvz parted pcap phyp policykit python qemu sasl selinux +udev \
-	uml virtualbox virt-network xen elibc_glibc"
+	uml +vepa virtualbox virt-network xen elibc_glibc"
 # IUSE=one : bug #293416 & bug #299011
 REQUIRED_USE="libvirtd? ( || ( lxc openvz qemu uml virtualbox xen ) )
-	lxc? ( caps libvirtd ) openvz? ( libvirtd ) qemu? ( libvirtd ) uml? ( libvirtd )
-	virtualbox? ( libvirtd ) xen? ( libvirtd )"
+	lxc? ( caps libvirtd )
+	openvz? ( libvirtd )
+	qemu? ( libvirtd )
+	uml? ( libvirtd )
+	vepa? ( macvtap )
+	virtualbox? ( libvirtd )
+	xen? ( libvirtd )"
 
 # gettext.sh command is used by the libvirt command wrappers, and it's
 # non-optional, so put it into RDEPEND.
@@ -58,6 +63,7 @@ RDEPEND="sys-libs/readline
 	sys-devel/gettext
 	>=net-analyzer/netcat6-1.0-r2
 	app-misc/scrub
+	audit? ( sys-process/audit )
 	avahi? ( >=net-dns/avahi-0.6[dbus] )
 	caps? ( sys-libs/libcap-ng )
 	iscsi? ( sys-block/open-iscsi )
@@ -130,6 +136,8 @@ VIRTNET_CONFIG_CHECK="
 	~NETFILTER_XT_TARGET_CHECKSUM
 "
 
+MACVTAP_CONFIG_CHECK="~MACVTAP"
+
 pkg_setup() {
 	python_set_active_version 2
 	python_pkg_setup
@@ -139,6 +147,7 @@ pkg_setup() {
 
 	CONFIG_CHECK=""
 	use lxc && CONFIG_CHECK+="${LXC_CONFIG_CHECK}"
+	use macvtap && CONFIG_CHECK+="${MACVTAP}"
 	use virt-network && CONFIG_CHECK+="${VIRTNET_CONFIG_CHECK}"
 	if [[ -n ${CONFIG_CHECK} ]]; then
 		linux-info_pkg_setup
@@ -225,6 +234,7 @@ src_configure() {
 	# network bits
 	myconf="${myconf} $(use_with macvtap)"
 	myconf="${myconf} $(use_with pcap libpcap)"
+	myconf="${myconf} $(use_with vepa virtualport)"
 
 	## other
 	myconf="${myconf} $(use_enable nls)"
@@ -239,8 +249,11 @@ src_configure() {
 		myconf="${myconf} --with-qemu-group=root"
 	fi
 
+	# audit support
+	myconf="${myconf} $(use_with audit)"
+
 	## stuff we don't yet support
-	myconf="${myconf} --without-netcf --without-audit"
+	myconf="${myconf} --without-netcf"
 
 	# we use udev over hal
 	myconf="${myconf} --without-hal"
diff --git a/app-emulation/libvirt/metadata.xml b/app-emulation/libvirt/metadata.xml
index 9daabe020db1..e75138cfabed 100644
--- a/app-emulation/libvirt/metadata.xml
+++ b/app-emulation/libvirt/metadata.xml
@@ -49,8 +49,10 @@
     </flag>
 
     <!-- Miscellaneous flags -->
+	<flag name='audit'>support <pkg>sys-process/audit</pkg></flag>
     <flag name='numa'>
-      Use NUMA for memory segmenting via <pkg>sys-process/numactl</pkg>
+      Use NUMA for memory segmenting via <pkg>sys-process/numactl</pkg> and
+	  <pkg>sys-process/numad</pkg>
     </flag>
     <flag name='libvirtd'>
       Builds the libvirtd daemon as well as the client utilities instead of just the client
@@ -65,6 +67,8 @@
 		macvtap support requires very new kernels and is
 		currently evolving. Support for this is experimental at best.
     </flag>
+	<flag name='vepa'>Virtual Ethernet Port Aggregator (VEPA) / 802.1Qbg
+		support. Relies on macvtap support.</flag>
     <flag name='json'>
       Support QEmu 0.13 JSON-based interface, using <pkg>dev-libs/yajl</pkg>.
     </flag>