diff --git a/libguestfs.keyring b/libguestfs.keyring
deleted file mode 100644
index bb3eb5537b7c398a10b7e2b26ca00af011d1a73e..0000000000000000000000000000000000000000
Binary files a/libguestfs.keyring and /dev/null differ
diff --git a/nbdkit-1.32.6.tar.gz b/nbdkit-1.32.6.tar.gz
deleted file mode 100644
index 0e5ef4f68d70611fd4c31eac5b131148b4c02237..0000000000000000000000000000000000000000
Binary files a/nbdkit-1.32.6.tar.gz and /dev/null differ
diff --git a/nbdkit-1.32.6.tar.gz.sig b/nbdkit-1.32.6.tar.gz.sig
deleted file mode 100644
index c86df62bdc4a16e64456afeeed60cd92e32cea1b..0000000000000000000000000000000000000000
--- a/nbdkit-1.32.6.tar.gz.sig
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmQ+hCYRHHJpY2hAYW5u
-ZXhpYS5vcmcACgkQkXOPc+G3aKAjOA//YeTcb2gJfHXgzSZm55YjFgNk8aC5Tk5k
-6z8DpMQDDmTHhdLXdUUcO8bdVgOExvlRjqR2x8fzfeOnCm36cOKEXhj4EjP8AXOU
-sSwggRIMqBFMy4CYapve8kheMfTjOWDpUeRmlyat1j1IqFx+MYuy5JISuyv0ZYMH
-i3EquEBurRP5cHsMT/q7gq+PAjFP1pCeiEIQZ0bQ4w13j1vWYvKqotL5MjUjLCGA
-LKQd5sv+62Kl60A2E8wtyl8w1p/uVI1SKEvgX8oom/z9d6OdUTUSqZJnOMWRi2aF
-of/5qmdOBjif4VEFm441tEiVUkFWpv79Kl31ujgWrdSUTXZOK8A3sb83uSqOjtgz
-jqRUlVj6bIfnU7k8wKiv5pYB2HU1lZjQ9c2vYTrO/twcLTjkSckVvEztcYV4V+Fv
-01bsD4zBn7s+jzPPouMmrjgrsVNFSlkF72uDB0HgouNwr9rZaFyJpBfR23elS0EB
-owmn1M5OpkKWNZ2Vj38kcYmg2Ga/YHlW2ceirH83e6FFqo02tpwOYgx7sZl7vB2A
-0TEYdB0SrbLIwW5GzGGLv8CGO7Xco9Mm0+J178G3muW55KoM9IoV8IYYEWogMcmW
-cy5SIc3TH9wOO7SD0vT/FjSlQ7wW0kDIwlAMM1O9C3ZniC0TsmxZCSYbMRcwwqlV
-15lFzxju65E=
-=lWP8
------END PGP SIGNATURE-----
diff --git a/nbdkit-1.40.4.tar.gz b/nbdkit-1.40.4.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..fdf780267e54e5ddc940b48685f1951ab418fe32
Binary files /dev/null and b/nbdkit-1.40.4.tar.gz differ
diff --git a/nbdkit.fc b/nbdkit.fc
new file mode 100644
index 0000000000000000000000000000000000000000..48777368683acec928055316a73067d130775446
--- /dev/null
+++ b/nbdkit.fc
@@ -0,0 +1,3 @@
+/usr/sbin/nbdkit -- gen_context(system_u:object_r:nbdkit_exec_t,s0)
+
+/usr/lib/systemd/system/nbdkit.* gen_context(system_u:object_r:nbdkit_unit_file_t,s0)
diff --git a/nbdkit.if b/nbdkit.if
new file mode 100644
index 0000000000000000000000000000000000000000..315fead13e700e33a7cb11802608a15fa14545bd
--- /dev/null
+++ b/nbdkit.if
@@ -0,0 +1,207 @@
+## policy for nbdkit
+
+########################################
+##
+## Execute nbdkit_exec_t in the nbdkit domain.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`nbdkit_domtrans',`
+ gen_require(`
+ type nbdkit_t, nbdkit_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, nbdkit_exec_t, nbdkit_t)
+')
+
+######################################
+##
+## Execute nbdkit in the caller domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`nbdkit_exec',`
+ gen_require(`
+ type nbdkit_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ can_exec($1, nbdkit_exec_t)
+')
+
+########################################
+##
+## Execute nbdkit in the nbdkit domain, and
+## allow the specified role the nbdkit domain.
+##
+##
+##
+## Domain allowed to transition
+##
+##
+##
+##
+## The role to be allowed the nbdkit domain.
+##
+##
+#
+interface(`nbdkit_run',`
+ gen_require(`
+ type nbdkit_t;
+ attribute_role nbdkit_roles;
+ ')
+
+ nbdkit_domtrans($1)
+ roleattribute $2 nbdkit_roles;
+')
+
+########################################
+##
+## Role access for nbdkit
+##
+##
+##
+## Role allowed access
+##
+##
+##
+##
+## User domain for the role
+##
+##
+#
+interface(`nbdkit_role',`
+ gen_require(`
+ type nbdkit_t;
+ attribute_role nbdkit_roles;
+ ')
+
+ roleattribute $1 nbdkit_roles;
+
+ nbdkit_domtrans($2)
+
+ ps_process_pattern($2, nbdkit_t)
+ allow $2 nbdkit_t:process { signull signal sigkill };
+')
+
+########################################
+##
+## Allow attempts to connect to nbdkit
+## with a unix stream socket.
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`nbdkit_stream_connect',`
+ gen_require(`
+ type nbdkit_t;
+ ')
+
+ allow $1 nbdkit_t:unix_stream_socket connectto;
+')
+
+########################################
+##
+## Allow nbdkit_exec_t to be an entrypoint
+## of the specified domain
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`nbdkit_entrypoint',`
+ gen_require(`
+ type nbdkit_exec_t;
+ ')
+ allow $1 nbdkit_exec_t:file entrypoint;
+')
+
+# ----------------------------------------------------------------------
+# RWMJ: See:
+# https://issues.redhat.com/browse/RHEL-5174?focusedId=23387259&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-23387259
+# Remove this when virt.if gets updated.
+
+########################################
+#
+# Interface compatibility blocks
+#
+# The following definitions ensure compatibility with distribution policy
+# versions that do not contain given interfaces (epel, or older Fedora
+# releases).
+# Each block tests for existence of given interface and defines it if needed.
+#
+
+########################################
+##
+## Read and write to svirt_image dirs.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+ifndef(`virt_rw_svirt_image_dirs',`
+ interface(`virt_rw_svirt_image_dirs',`
+ gen_require(`
+ type svirt_image_t;
+ ')
+
+ allow $1 svirt_image_t:dir rw_dir_perms;
+ ')
+')
+
+########################################
+##
+## Create svirt_image sock_files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+ifndef(`virt_create_svirt_image_sock_files',`
+ interface(`virt_create_svirt_image_sock_files',`
+ gen_require(`
+ type svirt_image_t;
+ ')
+
+ allow $1 svirt_image_t:sock_file create_sock_file_perms;
+ ')
+')
+
+########################################
+##
+## Read and write virtlogd pipes.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+ifndef(`virtlogd_rw_pipes',`
+ interface(`virtlogd_rw_pipes',`
+ gen_require(`
+ type virtlogd_t;
+ ')
+
+ allow $1 virtlogd_t:fifo_file rw_fifo_file_perms;
+ ')
+')
diff --git a/nbdkit.spec b/nbdkit.spec
index 5fd7859b7260f1654bc1f1324223bfc8627c55eb..ce3dc13fab9a59a880ea4cd322839f79d1fe639f 100644
--- a/nbdkit.spec
+++ b/nbdkit.spec
@@ -1,29 +1,69 @@
%global _hardened_build 1
-#%global complete_test_arches x86-64
-%global patches_touch_autotools %{nil}
+%global modulename nbdkit
+%global selinuxtype targeted
Name: nbdkit
-Version: 1.32.6
+Version: 1.40.4
Release: 1
Summary: NBD server
License: BSD-3-Clause
-URL: https://github.com/libguestfs/nbdkit
-Source0: https://download.libguestfs.org/nbdkit/1.36-stable/nbdkit-%{version}.tar.gz
-Source1: https://download.libguestfs.org/nbdkit/1.36-stable/nbdkit-%{version}.tar.gz.sig
-Source2: libguestfs.keyring
-%if 0%{patches_touch_autotools}
-BuildRequires: autoconf, automake, libtool
-%endif
-%ifnarch %{complete_test_arches}
-BuildRequires: autoconf, automake, libtool
-%endif
-BuildRequires: gnutls gnutls-devel libselinux-devel python3-devel gnupg2 lua-devel socat iproute
-BuildRequires: libguestfs-devel libvirt-devel xz-devel zlib-devel libcurl-devel e2fsprogs-devel
-BuildRequires: bash-completion perl-devel perl(ExtUtils::Embed) ocaml >= 4.03 ocaml-ocamldoc
-BuildRequires: ruby-devel tcl-devel perl-podlators qemu-img
-#BuildRequires: gcc gcc-c++ perl-podlators zstd-devel libssh-devel
-#BuildRequires: bc gnutls-utils coreutils expect util-linux iproute jq socat
-Requires: nbdkit-server nbdkit-basic-plugins nbdkit-basic-filters
+URL: https://gitlab.com/nbdkit/nbdkit
+Source0: https://download.libguestfs.org/nbdkit/1.40-stable/nbdkit-%{version}.tar.gz
+
+# For nbdkit-selinux package:
+Source6: %{modulename}.te
+Source7: %{modulename}.if
+Source8: %{modulename}.fc
+
+BuildRequires: gcc make
+BuildRequires: autoconf automake libtool
+BuildRequires: pkgconfig(bash-completion) >= 2.0
+BuildRequires: pkgconfig(bzip2)
+BuildRequires: pkgconfig(com_err)
+BuildRequires: pkgconfig(ext2fs)
+BuildRequires: pkgconfig(gnutls) >= 3.5.18
+BuildRequires: pkgconfig(libcurl)
+BuildRequires: pkgconfig(libguestfs)
+BuildRequires: pkgconfig(liblzma)
+BuildRequires: pkgconfig(libselinux)
+BuildRequires: pkgconfig(libssh) >= 0.8.0
+BuildRequires: pkgconfig(libvirt)
+BuildRequires: pkgconfig(libzstd)
+BuildRequires: pkgconfig(lua)
+BuildRequires: pkgconfig(tcl)
+BuildRequires: pkgconfig(zlib) >= 1.2.3.5
+BuildRequires: ocaml
+BuildRequires: perl-devel
+BuildRequires: python3-devel
+BuildRequires: /usr/bin/cut
+BuildRequires: /usr/bin/stat
+BuildRequires: /usr/bin/truncate
+BuildRequires: /usr/bin/xorriso
+
+# Only for running the test suite:
+BuildRequires: /usr/bin/bc
+BuildRequires: /usr/bin/certtool
+BuildRequires: /usr/bin/cut
+BuildRequires: expect
+BuildRequires: glibc-utils
+BuildRequires: /usr/bin/hexdump
+BuildRequires: /usr/sbin/ip
+BuildRequires: jq
+BuildRequires: /usr/bin/qemu-img
+BuildRequires: /usr/bin/qemu-io
+BuildRequires: /usr/bin/qemu-nbd
+BuildRequires: /usr/sbin/sfdisk
+BuildRequires: /usr/bin/socat
+BuildRequires: /usr/sbin/ss
+BuildRequires: /usr/bin/stat
+
+Requires: nbdkit-server = %{version}-%{release}
+Requires: nbdkit-basic-plugins = %{version}-%{release}
+Requires: nbdkit-basic-filters = %{version}-%{release}
+
+Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})
+
+Recommends: (%{name}-bash-completion if bash-completion)
%description
NBD (Network Block Device) is a protocol for accessing Block Devices (hard disks and disk-like things)
@@ -39,14 +79,12 @@ The key features are:
%package server
Summary: The nbdkit server
-License: BSD-3-Clause
%description server
This package contains the nbdkit server with no plugins or filters.
%package basic-plugins
Summary: Basic plugins for nbdkit
-License: BSD-3-Clause
Requires: nbdkit-server = %{version}-%{release}
Obsoletes: nbdkit-plugin-file < 1.1.19-1 nbdkit-plugin-nbd < 1.1.19-1 nbdkit-plugin-streaming < 1.1.19-1
@@ -82,69 +120,120 @@ trivial dependencies.
%package plugins
Summary: Plugins set
-License: BSD-3-Clause
-Provides: nbdkit-example-plugins nbdkit-curl-plugin nbdkit-plugin-curl = %{version}-%{release}
-Provides: nbdkit-ruby-plugin nbdkit-plugin-ruby = %{version}-%{release}
-Provides: nbdkit-tar-plugin nbdkit-plugin-tar = %{version}-%{release}
-Provides: nbdkit-tcl-plugin nbdkit-plugin-tcl = %{version}-%{release}
-Provides: nbdkit-xz-plugin nbdkit-plugin-xz = %{version}-%{release}
-Obsoletes: nbdkit-example-plugins nbdkit-plugin-examples < 1.1.19-1
-Obsoletes: nbdkit-curl-plugin nbdkit-plugin-curl <= %{version}-%{release}
-Obsoletes: nbdkit-ruby-plugin nbdkit-plugin-ruby <= %{version}-%{release}
-Obsoletes: nbdkit-tar-plugin nbdkit-plugin-tar <= %{version}-%{release}
-Obsoletes: nbdkit-tcl-plugin nbdkit-plugin-tcl <= %{version}-%{release}
-Obsoletes: nbdkit-xz-plugin nbdkit-plugin-xz <= %{version}-%{release}
-Requires: nbdkit-server = %{version}-%{release} nbdkit-perl-plugin
-Provides: %{name}-S3-plugin %{name}-S3-plugin = %{version}-%{release}
-Provides: %{name}-cc-plugin %{name}-cc-plugin = %{version}-%{release}
-Provides: %{name}-cdi-plugin %{name}-cdi-plugin = %{version}-%{release}
-Provides: %{name}-linuxdisk-plugin %{name}-linuxdisk-plugin = %{version}-%{release}
-Provides: %{name}-tmpdisk-plugin %{name}-tmpdisk-plugin = %{version}-%{release}
-Provides: %{name}-eval-plugin %{name}-eval-plugin = %{version}-%{release}
-Provides: %{name}-floppy-plugin %{name}-floppy-plugin = %{version}-%{release}
-Provides: %{name}-full-plugin %{name}-full-plugin = %{version}-%{release}
-Provides: %{name}-info-plugin %{name}-info-plugin = %{version}-%{release}
-Provides: %{name}-ondemand-plugin %{name}-ondemand-plugin = %{version}-%{release}
-Provides: %{name}-partitioning-plugin %{name}-partitioning-plugin = %{version}-%{release}
-Provides: %{name}-sh-plugin %{name}-sh-plugin = %{version}-%{release}
-Provides: %{name}-sparse-random-plugin %{name}-sparse-random-plugin = %{version}-%{release}
-Obsoletes: %{name}-S3-plugin %{name}-S3-plugin <= %{version}-%{release}
-Obsoletes: %{name}-cc-plugin %{name}-cc-plugin <= %{version}-%{release}
-Obsoletes: %{name}-cdi-plugin %{name}-cdi-plugin <= %{version}-%{release}
-Obsoletes: %{name}-linuxdisk-plugin %{name}-linuxdisk-plugin <= %{version}-%{release}
-Obsoletes: %{name}-tmpdisk-plugin %{name}-tmpdisk-plugin <= %{version}-%{release}
+Provides: nbdkit-example-plugins = %{version}-%{release}
+Provides: nbdkit-plugin-curl = %{version}-%{release}
+Provides: nbdkit-plugin-tar = %{version}-%{release}
+Provides: nbdkit-plugin-xz = %{version}-%{release}
+Obsoletes: nbdkit-example-plugins < %{version}-%{release}
+Obsoletes: nbdkit-plugin-examples < %{version}-%{release}
+Obsoletes: nbdkit-curl-plugin < %{version}-%{release}
+Obsoletes: nbdkit-plugin-curl < %{version}-%{release}
+Obsoletes: nbdkit-ruby-plugin < %{version}-%{release}
+Obsoletes: nbdkit-plugin-ruby < %{version}-%{release}
+Obsoletes: nbdkit-tar-plugin < %{version}-%{release}
+Obsoletes: nbdkit-plugin-tar < %{version}-%{release}
+Obsoletes: nbdkit-xz-plugin < %{version}-%{release}
+Obsoletes: nbdkit-plugin-xz < %{version}-%{release}
+Requires: nbdkit-server = %{version}-%{release}
+Requires: nbdkit-perl-plugin = %{version}-%{release}
+Provides: %{name}-linuxdisk-plugin = %{version}-%{release}
+Requires: e2fsprogs
+Provides: %{name}-tmpdisk-plugin = %{version}-%{release}
+Requires: util-linux
+Suggests: xfsprogs
+Provides: %{name}-eval-plugin = %{version}-%{release}
+Provides: %{name}-floppy-plugin = %{version}-%{release}
+Provides: %{name}-full-plugin = %{version}-%{release}
+Provides: %{name}-info-plugin = %{version}-%{release}
+Provides: %{name}-ondemand-plugin = %{version}-%{release}
+Provides: %{name}-partitioning-plugin = %{version}-%{release}
+Provides: %{name}-sh-plugin = %{version}-%{release}
+Provides: %{name}-sparse-random-plugin = %{version}-%{release}
+Provides: %{name}-gcs-plugin = %{version}-%{release}
+Obsoletes: %{name}-linuxdisk-plugin < %{version}-%{release}
+Obsoletes: %{name}-tmpdisk-plugin < %{version}-%{release}
+Obsoletes: %{name}-gcs-plugin < %{version}-%{release}
%description plugins
This package contains a set of plugins for nbdkit.
+%package selinux
+Summary: %{name} SELinux policy
+BuildArch: noarch
+Requires: selinux-policy-%{selinuxtype}
+Requires(post):selinux-policy-%{selinuxtype}
+BuildRequires: selinux-policy-devel
+%{?selinux_requires}
+
+%description selinux
+%{nbdkit} SELinux policy module.
+
%package guestfs-plugin
Summary: libguestfs plugin for nbdkit
-License: BSD-3-Clause
Requires: nbdkit-server = %{version}-%{release}
Provides: nbdkit-plugin-guestfs = %{version}-%{release}
-Obsoletes: nbdkit-plugin-guestfs <= %{version}-%{release}
+Obsoletes: nbdkit-plugin-guestfs < %{version}-%{release}
%description guestfs-plugin
This package is a libguestfs plugin for nbdkit.
%package libvirt-plugin
Summary: Libvirt plugin for nbdkit
-License: BSD-3-Clause
Requires: nbdkit-server = %{version}-%{release}
Provides: nbdkit-plugin-libvirt = %{version}-%{release}
-Obsoletes: nbdkit-plugin-libvirt <= %{version}-%{release}
+Obsoletes: nbdkit-plugin-libvirt < %{version}-%{release}
%description libvirt-plugin
This package is a libvirt plugin for nbdkit. It lets you access
libvirt guest disks readonly. It is implemented using the libvirt
virDomainBlockPeek API.
+%package cc-plugin
+Summary: Write small inline C plugins and scripts for %{name}
+Requires: %{name}-server = %{version}-%{release}
+Obsoletes: %{name}-cc-plugin < %{version}-%{release}
+Requires: gcc
+Requires: /usr/bin/cat
+
+%description cc-plugin
+This package contains support for writing inline C plugins and scripts
+for %{name}. NOTE this is NOT the right package for writing plugins
+in C, install %{name}-devel for that.
+
+%package cdi-plugin
+Summary: Containerized Data Import plugin for %{name}
+Requires: %{name}-server = %{version}-%{release}
+Obsoletes: %{name}-cdi-plugin < %{version}-%{release}
+Requires: jq
+Requires: podman
+
+%description cdi-plugin
+This package contains Containerized Data Import support for %{name}.
+
+%package S3-plugin
+Summary: Amazon S3 and Ceph plugin for %{name}
+Requires: %{name}-python-plugin = %{version}-%{release}
+Requires: %{name}-server = %{version}-%{release}
+Obsoletes: %{name}-S3-plugin < %{version}-%{release}
+Requires: python3dist(boto3)
+
+%description S3-plugin
+This package lets you open disk images stored in Amazon S3
+or Ceph using %{name}.
+
+%package iso-plugin
+Summary: Virtual ISO 9660 plugin for %{name}
+Requires: %{name}-server = %{version}-%{release}
+Requires: xorriso
+
+%description iso-plugin
+This package is a virtual ISO 9660 (CD-ROM) plugin for %{name}.
+
%package ocaml-plugin
Summary: OCaml plugin for nbdkit
-License: BSD-3-Clause
Requires: nbdkit-server = %{version}-%{release}
Provides: nbdkit-plugin-ocaml = %{version}-%{release}
-Obsoletes: nbdkit-plugin-ocaml <= %{version}-%{release}
+Obsoletes: nbdkit-plugin-ocaml < %{version}-%{release}
%description ocaml-plugin
This package lets you run OCaml plugins for nbdkit.
@@ -153,43 +242,55 @@ nbdkit-ocaml-plugin-devel.
%package ocaml-plugin-devel
Summary: OCaml development environment for nbdkit
-License: BSD-3-Clause
Requires: nbdkit-server = %{version}-%{release} nbdkit-ocaml-plugin = %{version}-%{release}
Provides: nbdkit-plugin-ocaml-devel = %{version}-%{release}
-Obsoletes: nbdkit-plugin-ocaml-devel <= %{version}-%{release}
+Obsoletes: nbdkit-plugin-ocaml-devel < %{version}-%{release}
%description ocaml-plugin-devel
This package lets you write OCaml plugins for nbdkit.
%package perl-plugin
Summary: Perl plugin for nbdkit
-License: BSD-3-Clause
Requires: nbdkit-server = %{version}-%{release}
Provides: nbdkit-plugin-perl = %{version}-%{release}
-Obsoletes: nbdkit-plugin-perl <= %{version}-%{release}
+Obsoletes: nbdkit-plugin-perl < %{version}-%{release}
%description perl-plugin
This package lets you write Perl plugins for nbdkit.
-%package python3-plugin
+%package python-plugin
Summary: Python 3 plugin for nbdkit
-License: BSD-3-Clause
Requires: nbdkit-server = %{version}-%{release}
Provides: nbdkit-plugin-python3 = %{version}-%{release}
-Obsoletes: nbdkit-plugin-python3 <= %{version}-%{release}
+Obsoletes: nbdkit-plugin-python3 < %{version}-%{release}
Provides: nbdkit-python-plugin-common = %{version}-%{release}
-Obsoletes: nbdkit-python-plugin-common <= %{version}-%{release}
+Obsoletes: nbdkit-python-plugin-common < %{version}-%{release}
+Provides: nbdkit-python3-plugin = %{version}-%{release}
+Obsoletes: nbdkit-python3-plugin < %{version}-%{release}
-%description python3-plugin
+%description python-plugin
This package lets you write Python 3 plugins for nbdkit.
+%package tcl-plugin
+Summary: Tcl plugin for %{name}
+Requires: %{name}-server = %{version}-%{release}
+
+%description tcl-plugin
+This package lets you write Tcl plugins for %{name}.
+
+%package lua-plugin
+Summary: Lua plugin for %{name}
+Requires: %{name}-server = %{version}-%{release}
+
+%description lua-plugin
+This package lets you write Lua plugins for %{name}.
+
%ifarch x86_64
%package vddk-plugin
Summary: VMware VDDK plugin for nbdkit
-License: BSD-3-Clause
Requires: nbdkit-server = %{version}-%{release}
Provides: nbdkit-plugin-vddk = %{version}-%{release}
-Obsoletes: nbdkit-plugin-vddk <= %{version}-%{release}
+Obsoletes: nbdkit-plugin-vddk < %{version}-%{release}
%description vddk-plugin
This package is a plugin for nbdkit which connects to
@@ -198,7 +299,6 @@ VMware VDDK for accessing VMware disks and servers.
%package basic-filters
Summary: Basic filters for nbdkit
-License: BSD-3-Clause
Requires: nbdkit-server = %{version}-%{release}
Provides: %{name}-blocksize-filter = %{version}-%{release}
Provides: %{name}-cache-filter = %{version}-%{release}
@@ -238,6 +338,9 @@ Provides: %{name}-gzip-filter = %{version}-%{release}
Provides: %{name}-lua-filter = %{version}-%{release}
Provides: %{name}-retry-request-filter = %{version}-%{release}
Provides: %{name}-tar-filter = %{version}-%{release}
+Provides: %{name}-xz-filter = %{version}-%{release}
+Provides: %{name}-bzip2-filter = %{version}-%{release}
+
%description basic-filters
This package contains some basic filters for nbdkit which have only
trivial dependencies.
@@ -266,8 +369,7 @@ trivial dependencies.
%package devel
Summary: Development files and documentation for nbdkit
-License: BSD-3-Clause
-Requires: nbdkit-server = %{version}-%{release} pkgconfig
+Requires: nbdkit-server = %{version}-%{release}
%description devel
This package contains development files and documentation
@@ -277,79 +379,89 @@ plugins for nbdkit.
%package bash-completion
Summary: Bash tab-completion for nbdkit
BuildArch: noarch
-Requires: bash-completion >= 2.0 nbdkit-server = %{version}-%{release}
+Requires: bash-completion >= 2.0
+Requires: nbdkit-server = %{version}-%{release}
+Supplements: (bash-completion >= 2.0 and nbdkit-server)
%description bash-completion
Install this package if you want intelligent bash tab-completion
for nbdkit.
-%package help
-Summary: Documents for nbdkit
-Buildarch: noarch
-Requires: man info
-
-%description help
-Man pages and other related documents for nbdkit
+%package_help
%prep
-tmphome="$(mktemp -d)"
-gpgv2 --homedir "$tmphome" --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%autosetup -p1
-%if 0%{patches_touch_autotools}
-autoreconf -i
-%endif
-%ifnarch %{complete_test_arches}
-sed -i -e '/^if HAVE_LIBGUESTFS/,/^endif HAVE_LIBGUESTFS/d' tests/Makefile.am
-sed -i -e '/^if HAVE_GUESTFISH/,/^endif HAVE_GUESTFISH/d' tests/Makefile.am
-autoreconf -i
-%endif
+# SELinux policy (originally from selinux-policy-contrib)
+# this policy module will override the production module
+mkdir selinux
+cp -p %{S:6} selinux/
+cp -p %{S:7} selinux/
+cp -p %{S:8} selinux/
%build
-export LDFLAGS="$LDFLAGS -Wl,-z,now"
-copy="$(mktemp -d)"
-cp -a . "$copy"
-mv "$copy" python3
-%configure --disable-static --with-libguestfs --with-libvirt --with-tls-priority=@NBDKIT,SYSTEM
+autoreconf -i
+%configure \
+ --disable-static \
+ --with-extra='%{_vendor} %{version}-%{release}' \
+ --with-tls-priority=@NBDKIT,SYSTEM \
+ --with-bash-completions \
+ --with-curl \
+ --with-gnutls \
+ --with-liblzma \
+ --without-libnbd \
+ --with-manpages \
+ --with-ssh \
+ --with-zlib \
+ --without-zlib-ng \
+ --enable-linuxdisk \
+ --enable-python \
+ --disable-golang \
+ --disable-rust \
+ --disable-valgrind \
+ --enable-ocaml \
+ --enable-lua \
+ --enable-perl \
+ --enable-tcl \
+ --disable-torrent \
+ --with-ext2 \
+ --with-iso \
+ --with-libvirt \
+ --without-libblkio \
+%ifarch x86_64
+ --enable-vddk \
+%else
+ --disable-vddk \
+%endif
+ --with-libguestfs \
+ --disable-libguestfs-tests \
+ %{nil}
%make_build
-
-pushd python3
-export PYTHON=%{_bindir}/python3
-%configure --disable-static --disable-lua --disable-tcl \
- --without-curl --without-liblzma --without-zlib
-grep '^PYTHON_VERSION = 3' Makefile
-%make_build
-unset PYTHON
-popd
+make -f %{_datadir}/selinux/devel/Makefile %{modulename}.pp
+bzip2 -9 %{modulename}.pp
%install
-pushd python3
%make_install
-popd
+%delete_la
-pushd $RPM_BUILD_ROOT%{_libdir}/nbdkit/plugins/
-mv nbdkit-python-plugin.so nbdkit-python3-plugin.so
-popd
+install -D -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
+install -D -p -m 0644 selinux/%{modulename}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{modulename}.if
-find $RPM_BUILD_ROOT -name '*.la' -delete
+# remove gcs plugin, as it needs python3-google-cloud-storage, which is not available under openEuler
+rm -f %{buildroot}%{_libdir}/%{name}/plugins/nbdkit-gcs-plugin
+rm -f %{buildroot}%{_mandir}/man1/nbdkit-gcs-plugin.1*
%check
function skip_test ()
-
{
-
for f in "$@"; do
-
rm -f "$f"
-
echo 'exit 77' > "$f"
-
chmod +x "$f"
-
done
-
}
+
skip_test tests/test-shebang-cc.sh tests/test-floppy.sh tests/test-eval-file.sh
skip_test tests/test-linuxdisk.sh tests/test-ondemand.sh tests/test-partitioning2.sh
skip_test tests/test-partitioning3.sh tests/test-partitioning5.sh tests/test-tar.sh
@@ -358,60 +470,114 @@ skip_test tests/test-old-plugins-x86_64-Linux-v1.8.4.sh
skip_test tests/test-old-plugins-x86_64-Linux-v1.12.8.sh
skip_test tests/test-old-plugins-x86_64-Linux-v1.2.8.sh
skip_test tests/test-old-plugins-x86_64-Linux-v1.0.0.sh
+skip_test tests/test-floppy-size.sh tests/test-spinning-mkfs.sh
+skip_test tests/test-iso.sh
mkdir -p $HOME/.cache/libvirt
export LIBGUESTFS_DEBUG=1
export LIBGUESTFS_TRACE=1
-find -name *.log
-make check -j1 || {
- cat tests/test-suite.log
- exit 1
- }
-
-%ifarch %{complete_test_arches}
-pushd python3
-make check -j1 -C tests TESTS=test-python || {
+%make_build check || {
cat tests/test-suite.log
exit 1
}
-popd
-%endif
-%post ocaml-plugin -p /sbin/ldconfig
-%postun ocaml-plugin -p /sbin/ldconfig
%files
%files server
-%doc README.md LICENSE
+%license LICENSE
+%doc README.md
%{_sbindir}/nbdkit
-%dir %{_libdir}/nbdkit/{plugins,filters}
+%dir %{_libdir}/%{name}
+%dir %{_libdir}/%{name}/plugins
+%{_libdir}/%{name}/plugins/nbdkit-null-plugin.so
+%dir %{_libdir}/%{name}/filters
%files basic-plugins
-%doc README.md LICENSE
-%{_libdir}/nbdkit/plugins/{nbdkit-data-plugin.so,nbdkit-file-plugin.so,nbdkit-memory-plugin.so}
-%{_libdir}/nbdkit/plugins/{nbdkit-nbd-plugin.so,nbdkit-null-plugin.so,nbdkit-pattern-plugin.so}
-%{_libdir}/nbdkit/plugins/{nbdkit-random-plugin.so,nbdkit-split-plugin.so}
-%{_libdir}/nbdkit/plugins/{nbdkit-streaming-plugin.so,nbdkit-zero-plugin.so}
+%license LICENSE
+%doc README.md
+%{_libdir}/%{name}/plugins/nbdkit-data-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-eval-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-file-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-floppy-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-full-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-info-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-memory-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-ondemand-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-ones-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-partitioning-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-pattern-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-random-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-sh-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-sparse-random-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-split-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-zero-plugin.so
%files plugins
-%doc README.md LICENSE
-%{_libdir}/nbdkit/plugins/{nbdkit-example*-plugin.so,nbdkit-example4-plugin,nbdkit-curl-plugin.so}
-%{_libdir}/nbdkit/plugins/{nbdkit-ruby-plugin.so,nbdkit-tar-plugin,nbdkit-tcl-plugin.so,nbdkit-xz-plugin.so}
-%{_libdir}/nbdkit/plugins/{nbdkit-S3-plugin,nbdkit-cc-plugin.so,nbdkit-cdi-plugin.so,nbdkit-eval-plugin.so}
-%{_libdir}/nbdkit/plugins/{nbdkit-floppy-plugin.so,nbdkit-full-plugin.so,nbdkit-info-plugin.so}
-%{_libdir}/nbdkit/plugins/{nbdkit-linuxdisk-plugin.so,nbdkit-ondemand-plugin.so,nbdkit-partitioning-plugin.so}
-%{_libdir}/nbdkit/plugins/{nbdkit-sh-plugin.so,nbdkit-sparse-random-plugin.so,nbdkit-tmpdisk-plugin.so}
-#%%{_libdir}/nbdkit/plugins/{nbdkit-ones-plugin.so,nbdkit-ssh-plugin.so}
+%license LICENSE
+%doc README.md
+%{_libdir}/%{name}/plugins/nbdkit-curl-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-eval-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-example1-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-example2-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-example3-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-example4-plugin
+%{_libdir}/%{name}/plugins/nbdkit-floppy-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-full-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-info-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-linuxdisk-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-ondemand-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-partitioning-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-sh-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-sparse-random-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-ssh-plugin.so
+%{_libdir}/%{name}/plugins/nbdkit-tmpdisk-plugin.so
+
+%pre selinux
+%selinux_relabel_pre -s %{selinuxtype}
+
+%post selinux
+%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
+
+%postun selinux
+if [ $1 -eq 0 ]; then
+ %selinux_modules_uninstall -s %{selinuxtype} %{modulename}
+fi
+
+%posttrans selinux
+%selinux_relabel_post -s %{selinuxtype}
+
+%files iso-plugin
+%doc README.md
+%license LICENSE
+%{_libdir}/%{name}/plugins/nbdkit-iso-plugin.so
%files guestfs-plugin
-%doc README.md LICENSE
-%{_libdir}/nbdkit/plugins/nbdkit-guestfs-plugin.so
+%license LICENSE
+%doc README.md
+%{_libdir}/%{name}/plugins/nbdkit-guestfs-plugin.so
%files libvirt-plugin
-%doc README.md LICENSE
-%{_libdir}/nbdkit/plugins/nbdkit-libvirt-plugin.so
+%license LICENSE
+%doc README.md
+%{_libdir}/%{name}/plugins/nbdkit-libvirt-plugin.so
+
+%files cc-plugin
+%doc README.md
+%license LICENSE
+%{_libdir}/%{name}/plugins/nbdkit-cc-plugin.so
+
+%files cdi-plugin
+%doc README.md
+%license LICENSE
+%{_libdir}/%{name}/plugins/nbdkit-cdi-plugin.so
+
+%files S3-plugin
+%doc README.md
+%license LICENSE
+%{_libdir}/%{name}/plugins/nbdkit-S3-plugin
%files ocaml-plugin
-%doc README.md LICENSE
+%license LICENSE
+%doc README.md
%{_libdir}/libnbdkitocaml.so.*
%files ocaml-plugin-devel
@@ -419,45 +585,91 @@ popd
%{_libdir}/ocaml/NBDKit.*
%files perl-plugin
-%doc README.md LICENSE
-%{_libdir}/nbdkit/plugins/nbdkit-perl-plugin.so
+%license LICENSE
+%doc README.md
+%{_libdir}/%{name}/plugins/nbdkit-perl-plugin.so
+
+%files python-plugin
+%license LICENSE
+%doc README.md
+%{_libdir}/%{name}/plugins/nbdkit-python-plugin.so
+
+%files tcl-plugin
+%doc README.md
+%license LICENSE
+%{_libdir}/%{name}/plugins/nbdkit-tcl-plugin.so
-%files python3-plugin
-%doc README.md LICENSE
-%{_libdir}/nbdkit/plugins/nbdkit-python3-plugin.so
+%files lua-plugin
+%doc README.md
+%license LICENSE
+%{_libdir}/%{name}/plugins/nbdkit-lua-plugin.so
%ifarch x86_64
%files vddk-plugin
-%doc README.md LICENSE
-%{_libdir}/nbdkit/plugins/nbdkit-vddk-plugin.so
+%license LICENSE
+%doc README.md
+%{_libdir}/%{name}/plugins/nbdkit-vddk-plugin.so
%endif
%files basic-filters
-%doc README.md LICENSE
-%{_libdir}/nbdkit/filters/{nbdkit-blocksize-filter.so,nbdkit-cache-filter.so,nbdkit-cow-filter.so}
-%{_libdir}/nbdkit/filters/{nbdkit-delay-filter.so,nbdkit-error-filter.so,nbdkit-fua-filter.so}
-%{_libdir}/nbdkit/filters/{nbdkit-log-filter.so,nbdkit-nozero-filter.so,nbdkit-offset-filter.so}
-%{_libdir}/nbdkit/filters/{nbdkit-partition-filter.so,nbdkit-truncate-filter.so}
-%{_libdir}/nbdkit/filters/{nbdkit-cacheextents-filter.so,nbdkit-checkwrite-filter.so,nbdkit-ddrescue-filter.so}
-%{_libdir}/nbdkit/filters/{nbdkit-exitlast-filter.so,nbdkit-exitwhen-filter.so,nbdkit-exportname-filter.so}
-%{_libdir}/nbdkit/filters/{nbdkit-extentlist-filter.so,nbdkit-ip-filter.so,nbdkit-limit-filter.so}
-%{_libdir}/nbdkit/filters/{nbdkit-multi-conn-filter.so,nbdkit-nocache-filter.so,nbdkit-noextents-filter.so}
-%{_libdir}/nbdkit/filters/{nbdkit-nofilter-filter.so,nbdkit-noparallel-filter.so,nbdkit-pause-filter.so}
-%{_libdir}/nbdkit/filters/{nbdkit-rate-filter.so,nbdkit-readahead-filter.so,nbdkit-retry-filter.so}
-%{_libdir}/nbdkit/filters/{nbdkit-retry-request-filter.so,nbdkit-stats-filter.so,nbdkit-swab-filter.so}
-%{_libdir}/nbdkit/filters/{nbdkit-tar-filter.so,nbdkit-tls-fallback-filter.so,nbdkit-protect-filter.so}
-%{_libdir}/nbdkit/filters/{nbdkit-ext2-filter.so,nbdkit-gzip-filter.so,nbdkit-lua-filter.so}
-%{_libdir}/nbdkit/filters/{nbdkit-blocksize-policy-filter.so,nbdkit-evil-filter.so,nbdkit-luks-filter.so,nbdkit-qcow2dec-filter.so,nbdkit-scan-filter.so}
-
+%license LICENSE
+%doc README.md
+%{_libdir}/%{name}/filters/nbdkit-blocksize-filter.so
+%{_libdir}/%{name}/filters/nbdkit-blocksize-policy-filter.so
+%{_libdir}/%{name}/filters/nbdkit-bzip2-filter.so
+%{_libdir}/%{name}/filters/nbdkit-cache-filter.so
+%{_libdir}/%{name}/filters/nbdkit-cacheextents-filter.so
+%{_libdir}/%{name}/filters/nbdkit-checkwrite-filter.so
+%{_libdir}/%{name}/filters/nbdkit-cow-filter.so
+%{_libdir}/%{name}/filters/nbdkit-ddrescue-filter.so
+%{_libdir}/%{name}/filters/nbdkit-delay-filter.so
+%{_libdir}/%{name}/filters/nbdkit-error-filter.so
+%{_libdir}/%{name}/filters/nbdkit-evil-filter.so
+%{_libdir}/%{name}/filters/nbdkit-exitlast-filter.so
+%{_libdir}/%{name}/filters/nbdkit-exitwhen-filter.so
+%{_libdir}/%{name}/filters/nbdkit-exportname-filter.so
+%{_libdir}/%{name}/filters/nbdkit-ext2-filter.so
+%{_libdir}/%{name}/filters/nbdkit-extentlist-filter.so
+%{_libdir}/%{name}/filters/nbdkit-fua-filter.so
+%{_libdir}/%{name}/filters/nbdkit-gzip-filter.so
+%{_libdir}/%{name}/filters/nbdkit-ip-filter.so
+%{_libdir}/%{name}/filters/nbdkit-limit-filter.so
+%{_libdir}/%{name}/filters/nbdkit-log-filter.so
+%{_libdir}/%{name}/filters/nbdkit-luks-filter.so
+%{_libdir}/%{name}/filters/nbdkit-multi-conn-filter.so
+%{_libdir}/%{name}/filters/nbdkit-nocache-filter.so
+%{_libdir}/%{name}/filters/nbdkit-noextents-filter.so
+%{_libdir}/%{name}/filters/nbdkit-nofilter-filter.so
+%{_libdir}/%{name}/filters/nbdkit-noparallel-filter.so
+%{_libdir}/%{name}/filters/nbdkit-nozero-filter.so
+%{_libdir}/%{name}/filters/nbdkit-offset-filter.so
+%{_libdir}/%{name}/filters/nbdkit-partition-filter.so
+%{_libdir}/%{name}/filters/nbdkit-pause-filter.so
+%{_libdir}/%{name}/filters/nbdkit-protect-filter.so
+%{_libdir}/%{name}/filters/nbdkit-qcow2dec-filter.so
+%{_libdir}/%{name}/filters/nbdkit-rate-filter.so
+%{_libdir}/%{name}/filters/nbdkit-readahead-filter.so
+%{_libdir}/%{name}/filters/nbdkit-readonly-filter.so
+%{_libdir}/%{name}/filters/nbdkit-retry-filter.so
+%{_libdir}/%{name}/filters/nbdkit-retry-request-filter.so
+%{_libdir}/%{name}/filters/nbdkit-rotational-filter.so
+%{_libdir}/%{name}/filters/nbdkit-scan-filter.so
+%{_libdir}/%{name}/filters/nbdkit-spinning-filter.so
+%{_libdir}/%{name}/filters/nbdkit-stats-filter.so
+%{_libdir}/%{name}/filters/nbdkit-swab-filter.so
+%{_libdir}/%{name}/filters/nbdkit-tar-filter.so
+%{_libdir}/%{name}/filters/nbdkit-tls-fallback-filter.so
+%{_libdir}/%{name}/filters/nbdkit-truncate-filter.so
+%{_libdir}/%{name}/filters/nbdkit-xz-filter.so
%files devel
+%license LICENSE
%doc OTHER_PLUGINS README.md TODO LICENSE
%doc plugins/example*/*.c
%doc plugins/example4/nbdkit-example4-plugin
%doc plugins/lua/example.lua
%doc plugins/perl/example.pl
%doc plugins/python/examples/*.py
-%doc plugins/ruby/example.rb
%doc plugins/tcl/example.tcl
%{_includedir}/nbdkit-common.h
%{_includedir}/nbdkit-filter.h
@@ -467,16 +679,24 @@ popd
%{_libdir}/pkgconfig/nbdkit.pc
%files bash-completion
-%doc LICENSE
+%license LICENSE
%dir %{_datadir}/bash-completion/completions
%{_datadir}/bash-completion/completions/nbdkit
+%files selinux
+%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
+%{_datadir}/selinux/devel/include/distributed/%{modulename}.if
+%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
+
%files help
-%{_mandir}/man1/nbdkit*.1*
-%{_mandir}/man3/nbdkit-*.3*
-%{_mandir}/man3/NBDKit.3.gz
+%{_mandir}/man?/*
%changelog
+* Sat Oct 05 2024 Funda Wang - 1.40.4-1
+- update to 1.40.4
+- split out some plugins for dependencies
+- ruby plugin was removed in 1.40
+
* Tue Oct 17 2023 Ge Wang - 1.32.6-1
- update to version 1.32.6
diff --git a/nbdkit.te b/nbdkit.te
new file mode 100644
index 0000000000000000000000000000000000000000..dbc518e1a3bc09dc1d67f7a81fa4bfe5a061567a
--- /dev/null
+++ b/nbdkit.te
@@ -0,0 +1,100 @@
+policy_module(nbdkit, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+gen_require(`
+ type unconfined_t;
+')
+
+type nbdkit_t;
+type nbdkit_exec_t;
+application_domain(nbdkit_t, nbdkit_exec_t)
+mcs_constrained(nbdkit_t)
+role system_r types nbdkit_t;
+
+type nbdkit_home_t;
+userdom_user_home_content(nbdkit_home_t)
+
+type nbdkit_tmp_t;
+files_tmp_file(nbdkit_tmp_t)
+
+type nbdkit_unit_file_t;
+systemd_unit_file(nbdkit_unit_file_t)
+
+permissive nbdkit_t;
+
+########################################
+#
+# nbdkit local policy
+#
+allow nbdkit_t self:capability { setgid setuid };
+allow nbdkit_t self:fifo_file rw_fifo_file_perms;
+allow nbdkit_t self:netlink_route_socket rw_netlink_socket_perms;
+allow nbdkit_t self:process { fork setsockcreate signal_perms };
+allow nbdkit_t self:tcp_socket create_stream_socket_perms;
+allow nbdkit_t self:udp_socket create_socket_perms;
+
+manage_dirs_pattern(nbdkit_t, nbdkit_tmp_t, nbdkit_tmp_t)
+manage_files_pattern(nbdkit_t, nbdkit_tmp_t, nbdkit_tmp_t)
+userdom_user_tmp_filetrans(nbdkit_t, nbdkit_tmp_t, { dir file })
+
+manage_dirs_pattern(nbdkit_t, nbdkit_home_t, nbdkit_home_t)
+manage_files_pattern(nbdkit_t, nbdkit_home_t, nbdkit_home_t)
+userdom_user_home_dir_filetrans(nbdkit_t, nbdkit_home_t, { dir file })
+
+corenet_tcp_connect_http_port(nbdkit_t)
+corenet_tcp_connect_ssh_port(nbdkit_t)
+corenet_tcp_connect_tftp_port(nbdkit_t)
+corenet_tcp_bind_generic_port(nbdkit_t)
+corenet_tcp_bind_generic_node(nbdkit_t)
+
+domain_use_interactive_fds(nbdkit_t)
+
+files_read_etc_files(nbdkit_t)
+
+init_abstract_socket_activation(nbdkit_t)
+init_ioctl_stream_sockets(nbdkit_t)
+init_rw_stream_sockets(nbdkit_t)
+
+optional_policy(`
+ auth_use_nsswitch(nbdkit_t)
+')
+
+optional_policy(`
+ logging_send_syslog_msg(nbdkit_t)
+')
+
+optional_policy(`
+ miscfiles_read_localization(nbdkit_t)
+ miscfiles_read_generic_certs(nbdkit_t)
+')
+
+optional_policy(`
+ sysnet_dns_name_resolve(nbdkit_t)
+ sysnet_read_config(nbdkit_t)
+')
+
+optional_policy(`
+ userdom_read_user_home_content_files(nbdkit_t)
+ userdom_use_inherited_user_ptys(nbdkit_t)
+')
+
+optional_policy(`
+ virt_create_svirt_image_sock_files(nbdkit_t)
+ virt_read_qemu_pid_files(nbdkit_t)
+ virtlogd_rw_pipes(nbdkit_t)
+ virt_rw_svirt_image(nbdkit_t)
+ virt_rw_svirt_image_dirs(nbdkit_t)
+ virt_search_lib(nbdkit_t)
+ virt_stream_connect_svirt(nbdkit_t)
+')
+
+
+# FIXME: It would be nice to allow libvirt to transition nbdkit_exec_t to
+# nbdkit_t when libvirtd was started manually from the commandline (i.e. in
+# unconfined_t), but we don't want this transition to happen automatically
+# when starting directly from the shell. I'm not sure how to achieve this...
+#nbdkit_domtrans(unconfined_t, nbdkit_exec_t, nbdkit_t)
diff --git a/nbdkit.yaml b/nbdkit.yaml
index 5941bd5a772d2eb9470d0d87089772d8b5686022..afd8aca5c74b984e173f3027250e844abc8eb464 100644
--- a/nbdkit.yaml
+++ b/nbdkit.yaml
@@ -1,4 +1,4 @@
-version-ctrl: github
-src_repo: libguestfs/nbdkit
+version_control: git
+src_repo: https://gitlab.com/nbdkit/nbdkit.git
tag_prefix: ^v
-seperator: .
+separator: .