Update some docs and test cases to use 'on' | 'off' as the preferred
value for bool options.
Reviewed-by: Thomas Huth <thuth(a)redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd(a)redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/system/vnc-security.rst | 10 +++++-----
include/authz/listfile.h | 2 +-
qemu-options.hx | 4 ++--
tests/qemu-iotests/233 | 4 ++--
4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/docs/system/vnc-security.rst b/docs/system/vnc-security.rst
index 558e4faffc..ebca656d87 100644
--- a/docs/system/vnc-security.rst
+++ b/docs/system/vnc-security.rst
@@ -65,7 +65,7 @@ encrypted session.
.. parsed-literal::
|qemu_system| [...OPTIONS...] \
- -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=no \
+ -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=off \
-vnc :1,tls-creds=tls0 -monitor stdio
In the above example ``/etc/pki/qemu`` should contain at least three
@@ -84,12 +84,12 @@ connecting. The server will request that the client provide a
certificate, which it will then validate against the CA certificate.
This is a good choice if deploying in an environment with a private
internal certificate authority. It uses the same syntax as previously,
-but with ``verify-peer`` set to ``yes`` instead.
+but with ``verify-peer`` set to ``on`` instead.
.. parsed-literal::
|qemu_system| [...OPTIONS...] \
- -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \
+ -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
-vnc :1,tls-creds=tls0 -monitor stdio
.. _vnc_005fsec_005fcertificate_005fpw:
@@ -103,7 +103,7 @@ authentication to provide two layers of authentication for clients.
.. parsed-literal::
|qemu_system| [...OPTIONS...] \
- -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \
+ -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
-vnc :1,tls-creds=tls0,password -monitor stdio
(qemu) change vnc password
Password: ********
@@ -145,7 +145,7 @@ x509 options:
.. parsed-literal::
|qemu_system| [...OPTIONS...] \
- -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \
+ -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
-vnc :1,tls-creds=tls0,sasl -monitor stdio
.. _vnc_005fsetup_005fsasl:
diff --git a/include/authz/listfile.h b/include/authz/listfile.h
index 0a1e5bddd3..0b7fe72198 100644
--- a/include/authz/listfile.h
+++ b/include/authz/listfile.h
@@ -73,7 +73,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(QAuthZListFile,
* The object can be created on the command line using
*
* -object authz-list-file,id=authz0,\
- * filename=/etc/qemu/myvm-vnc.acl,refresh=yes
+ * filename=/etc/qemu/myvm-vnc.acl,refresh=on
*
*/
struct QAuthZListFile {
diff --git a/qemu-options.hx b/qemu-options.hx
index 9172d51659..d0410f0512 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -5027,7 +5027,7 @@ SRST
Note the use of quotes due to the x509 distinguished name
containing whitespace, and escaping of ','.
- ``-object authz-listfile,id=id,filename=path,refresh=yes|no``
+ ``-object authz-listfile,id=id,filename=path,refresh=on|off``
Create an authorization object that will control access to
network services.
@@ -5072,7 +5072,7 @@ SRST
# |qemu_system| \\
... \\
- -object
authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=yes \\
+ -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=on
\\
...
``-object authz-pam,id=id,service=string``
diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233
index 7ce5764903..da150cd27b 100755
--- a/tests/qemu-iotests/233
+++ b/tests/qemu-iotests/233
@@ -84,7 +84,7 @@ echo
echo "== check plain client to TLS server fails =="
nbd_server_start_tcp_socket \
- --object
tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \
+ --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=on
\
--tls-creds tls0 \
-f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log"
@@ -129,7 +129,7 @@ echo "== check TLS with authorization =="
nbd_server_stop
nbd_server_start_tcp_socket \
- --object
tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \
+ --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=on
\
--object "authz-simple,id=authz0,identity=CN=localhost,, \
O=Cthulu Dark Lord Enterprises client1,,L=R'lyeh,,C=South Pacific" \
--tls-authz authz0 \
--
2.29.2