> > > It could save a lot of work because everybody have the chance to install > what > he want in a virtual machine. Also, I think it is safer to put my owncloud > into a virtual machine than to put is directly on my IPFire. Also, it could > save energy because a home user has to run only one real computer. > > It is probably not more secure to run a KVM machine. Breaking out of that is > easy enough. However, I would also like to see some things installed on a > different system instead of on IPFire itself. Just because I think that > there > are better distributions out there to host owncloud and similar things. It > will > also allow to migrate this functionality from a physical machine to IPFire > or > from IPFire to a physcial machine later. That is true. There are better distributions for owncloud and so on, that was also my motivation to build libvirt for IPFire. IPFire is a very good firewall distribution, but it is not a good distribution for web hosting. But that is not a fault because IPFire is not developed for that, and this perfect. My thought was to use a virtual machine on my IPfire to server all other things I need because why should I compile 20 libraries when I have to compile 10 and then I could install everything in a virtual machine that I want. > > > Otherwise, libvirt is one more security risk and it is possible to break > out > of a virtual machine and attack the host. > So these are some security aspects, but in the moment, I think there are > more > benefits than disadvantages. > But I would like to hear your opinions on this topic. > > So what are the dependencies for libvirt and what have to be done on > existing > packages. > > Hard dependencies > > util-macros > libpciaccess > libyajl > > nice to have ( increase the usability) > > opus > python-six > python-pyparsing > spice-protocol > spice > > These packages provide a protocol similar to vnc (http://www.spice-space.or > g/) > > These look okay. Basically anything that is free software and actively > maintained upstream should be okay. Please consider to reduce size as best > as > you can. It does not have to fit into a megabyte all together, but avoid > adding > things that are not useful. Thanks. I will have a look at spice and if we really need it otherwise this is the technology which is actively developed and is comparison tho vnc very fast. I try it with vnc but it is horrible to install a server when your monitor show only 5 pictures per second. So I will have a look on that, but i do not see a real change to reduce the amount of packages.
I think spice should be included. I assume that most people will run something like Windows in this to have a machine on a remote network to connect to and do debugging. In that case, a good remote screen protocol like spice is necessary.
> optional ( create errors on start up but nothing more) > > pm-utils > dmidecode > > Add these too. I will drop this.
I was rather saying that you should build these packages. I would like to add dmidecode to the core system any way.

Sorry, I miss understand you. I will build these things.

> what have to be done on existing addons > > nmap: update to the latest version > (to have a ncat version which supports the -U options, this is required to > communicate over a normal ssh session) > > Please send updates as individual patches up front. Ok, I will send patches for everything that I listed in these part. > > > ebtables: create some links > (libvirt search in the wrong directory for the binaries) > > Where? Libvirt looks in the /sbin directory for the binaries These are the 3 symlinks ln -s /usr/local/sbin/ebtables-save /sbin/ebtables-save ln -s /usr/local/sbin/ebtables /sbin/ebtables ln -s /usr/local/sbin/ebtables-restore /sbin/ebtables-restore
We should probably move it to /usr/sbin then and libvirt should be able to find it there. Would you be up to send a patch for that, too?

Yes, i will send a patch for that.

> dnsmasq > enable > HAVE_DHCP > HAVE_SCRIPT > HAVE_TFTP > but I have to check this again on i686 HAVE_SCRIPT is enough, in the > moment I > have not the time to test where the problem is, but I will do this in the > next weeks. > > This will probably be a bigger issue. We are using dnsmasq just as a DNS > proxy > and do not use the DHCP component. If that should be used we either have to > disable this in our other configuration or ship a second copy. I would like > to > avoid the latter. I guessed that this would be a big problem. Libvirt start it own dnsmasq daemons so the second copy is maybe an alternative, but you are right this not a good solution. The problem is that libvirt require the DHCP option otherwise, the whole network configuration does not work. That is a big problem and make the whole thing around dnmasq more complicated. I sad to say this but in the moment, I have no real idea what we could do.
We will figure this out. Start building the rest and we will have a look at this when we arrive at this point.

Ok.

> So that is it. > Now I am waiting for your opinion and what you think about this :-). > > Do you have code for this already? Do you have a git repository or do you > need > one? We could host things if needed. I have a local git repository with all changes. But I have no online git repository. I would be very cool and helpfull if you could host one for me. :- ). A big thanks for the offer that you could host the things.
No worries :) I will send you another email about this.

Thank you :)

> > > Regards Jonatan > > Ps. I would maintain these packages if they become official packages. > > That is a huge requirement. We just don't have the man power to do this > ourselves. Although we are keen to support you when ever needed. Thanks for the help. I will maintain this packages if libvirt become an official addon qemu and it dependencies. (When I maintain libvirt I think I make sense to maintain qemu, because libvirt is nothing without qemu. ) libvirt util-macros libpciaccess libyajl spice spice-protocol python-pyparsing python-six opus I know that the project has not he power to maintain all these packages, so for me it is logical to say if I want libvirt in IPFire, I have to maintain libvirt. Nevertheless, a big thanks that you want to support me if there are problems.
We have a development Jabber channel in case you need help with the build system. Someone should usually be around.

Thank you for this informtaion. I will use it if I need help.

> > > PSS. I use a new e-mail address because my old one is currently blocked by > this server. > > Which one is that? Could you maybe email me details about that in private? > > Best, > -Michael I will write you a second E-Mail on this topic. Thanks to all for the opinions on that topic. Regards Jonatan
-Michael