On Tue, Jun 05, 2018 at 13:17:46 +0200, Michal Privoznik wrote:
On 06/05/2018 11:43 AM, Daniel P. Berrangé wrote:
On Tue, Jun 05, 2018 at 10:45:55AM +0200, Michal Privoznik wrote:
We are building with GnuTLS everywhere because GnuTLS is widely available. In addition after recent patches Libvirt relies on GnuTLS' PRNG.
This second sentance isn't true AFAIK - we still have fallback to /dev/urandom - GNUTLS is merely the first choice.
Okay. But after Peter's patches we do rely on GnuTLS more than ever ;-) I'll reword and resend though.
Not really. I just consolidated some code paths so now we actually check that gnutls is present for disks with secret. It would hit the error in a different place otherwise, this just broke the testsuite. A naive fix would be to disable those tests when gnutls is not present, but if we are going to make it always present it seems a waste of effort.