Merge libvirt from Debian unstable for kinetic

Upstream: tbd
Debian: 8.2.0-1
Ubuntu: 8.0.0-1ubuntu7

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

### Old Ubuntu Delta ###

libvirt (8.0.0-1ubuntu7) jammy; urgency=medium

  * d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd
    and libvirt-qemu apparmor profiles to allow swtpm to use its own profile
    (LP: #1968187)

 -- Lena Voytek <email address hidden> Tue, 12 Apr 2022 10:04:05 -0700

libvirt (8.0.0-1ubuntu6) jammy; urgency=medium

  * d/control: recommend swtpm-tools (LP: #1948748)

 -- Christian Ehrhardt <email address hidden> Mon, 04 Apr 2022 07:30:15 +0200

libvirt (8.0.0-1ubuntu5) jammy; urgency=medium

  * apparmor: Fix QEMU access for UEFI variable files. Backported from
    upstream master commit 7aec69b7fb9d0c. (Closes: #1006324, LP: #1962035)
    Refresh apparmor_profiles_local_include.patch to resolve the conflict.

 -- Martin Pitt <email address hidden> Wed, 09 Mar 2022 13:43:40 +0100

libvirt (8.0.0-1ubuntu4) jammy; urgency=medium

  * No-change rebuild against libwireshark15.

 -- Steve Langasek <email address hidden> Mon, 07 Mar 2022 18:34:34 +0000

libvirt (8.0.0-1ubuntu3) jammy; urgency=medium

  * Revert 'd/rules, d/libvirt-daemon-system.{postinst,prerm}: never stop
    system services and sockets.'
    Due to the fix being in debhelper we no more need this mitigation now.
    (LP: #1959054)

 -- Christian Ehrhardt <email address hidden> Thu, 17 Feb 2022 10:08:01 +0100

libvirt (8.0.0-1ubuntu2) jammy; urgency=medium

  * No-change rebuild to update maintainer scripts, see LP: 1959054

 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:04:47 +0000

libvirt (8.0.0-1ubuntu1) jammy; urgency=medium

  * Merge 8.0.0 from Debian unstable (LP: #1946869)
    Among many other fixes and improvements this fixes ceph usage
    in regard to apparmor (LP: #1588576)
    Remaining changes:
    - libvirt-uri.sh: Automatically switch default libvirt URI for users
      via user profile (xen URI on dom0, qemu:///system otherwise)
      [contains lintian fixups of 6.6.0-1ubuntu1]
    - Disable libssh2 support (universe dependency)
    - d/control: add libzfslinux-dev to build-deps
    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
      (follows Debian, droppable >22.04)
    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
      Secure Boot enabled variants of the OVMF firmware and variable store for
      the paths where we ship these files in Ubuntu.
    - Set qemu-group to kvm (for compat with older ubuntu)
    - Additional apport package-hook
    - Autostart default bridged network (As upstream does, but not Debian).
      In addition to just enabling it our solution provides:
      + do not autostart if subnet is already taken (e.g. in guests).
      + iterate some alternative subnets before giving up
    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
      the group based access to libvirt functions as it was used in Ubuntu
      for quite a long time.
      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
        due to the group access change.
      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
        group.
    - d/p/u/parallel-shutdown.patch: set parallel shutdown by default.
    - Update README.Debian with Ubuntu changes
    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
    - fix autopkgtests (LP 1899180)
      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
        vmlinuz available and accessible (Debian bug 848314)
      + d/t/control: fix smoke-qemu-session by ensuring the service will run
        installing libvirt-daemon-system
      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
        long as the following undefine succeeds
      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
        failing; This was flaky on some release/architectures
      + d/t/smoke-lxc: retry check_domain being flaky on arm64
    - dnsmasq related enhancements
      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
        on purge
      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
        libvirt-dnsmasq and adapt the self tests to expect that config
      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
      + Add dnsmasq configuration to work with system wide dnsmasq-base
    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
      machine type correctly with newer qemu/libvirt
    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
      (LP 1861125) fixups
    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
      split into logical pieces. File names in debian/patches/ubuntu-aa/:
      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
        apparmor, virt-aa-helper: Allow various storage pools and image
        locations
      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
        libvirt-qemu: Add 9p support
      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
        commands executed by ubuntu only kvm wrapper on ppc64el
        (LP 1686621 LP 1680384 LP 1784023)
      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
        apparmor, virt-aa-helper: access for snapped nova
      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
    - libvirt should not use user/group tss for swtpm (LP 1948880)
      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
        to user swtpm
      + d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results
      + d/control: suggest swtpm-tools
      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
        due to swtpm-tools (LP 1951975)
  * Dropped changes [in Debian now]:
    - d/control: add libtirpc for rpc.h with glibc >=2.32
    - various patch refreshes and .symbols updated from 7.0.0 - 7.6.0
    - debian/rules: disable the netcf backend. (LP: 1764314)
    - d/libvirt-clients.install: completions no more are symlinked to vsh
    - d/rules: disable the now auto-built vstorage backend
    - not-installed: split daemon man pages are no yet installed
    - d/rules: disable the new Cloud Hypervisor driver
    - d/rules: enable more features explicitly
    - d/rules: use apparmor_profiles=enabled instead of the now rejected
      value true
    - rules: Explicitly set remote_default_mode
    - rules: Rework installation of AppArmor-related files
    - d/control, d/rules: enable libssh (LP 1939416)
  * Dropped changes [upstream now]:
    - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
      execution (LP 1913266)
    - d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid
      issues due to corrupted apparmor profiles (LP 1927519)
    - Toleration for qemu >=6.0 handling of props (LP 1932264)
    - Persistent vfio-ccw device assignments (LP 1887929)
  * Dropped changes [no more needed]:
    - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
      recent ubuntu glibx 2.32 it is breaking the build
    - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect
      XDR functions from glibc
    - d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP 1934966)
    - d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248
      was not enough)
  * Added changes:
    - d/p/u/dnsmasq-as-priv-user: update for 8.0.0
    - Add recent upstream fixes to 8.0
      + d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work
        in containers like LXD (without guest start would hang).
      + d/p/backport/util-fix-syslog-facility-value.patch to ensure logs
        get passed to syslog/journal correctly.
   - d/rules, d/libvirt-daemon-system.{postinst,postrm}: never stop
     libvirt system services and sockets (LP: #1959054). This allows
     to unblock some transitions that wait on libvirt now; The intention is
     that it is fixed in debhelper and libvirt reverts this change before
     jammy release.

 -- Christian Ehrhardt <email address hidden> Mon, 24 Jan 2022 08:49:08 +0100