Re: [PATCH 0/9] tools: rewrite virt-pki-validate in C

Monday, 10 June 2024

On 6/7/24 16:26, Daniel P. Berrangé wrote:
...
 This was driven by the complaint that libvirt pulls in gnutls-utils

   https://src.fedoraproject.org/rpms/virt-viewer/pull-request/4

 but also it lets us remove more usage of Shell code from libvirt,
 as well as improving the consistency of certificate checks vs the
 runtime checks we do.

 Daniel P. Berrangé (9):
   rpc: split out helpers for TLS cert path location
   rpc: refactor method for checking session certificates
   rpc: split TLS cert validation into separate file
   docs: fix author credit for virt-pki-validate tool
   tools: split off common helpers for host validate tool
   tools: drop unused --version argument
   tools: stop checking init scripts & iptables config
   tools: reimplement virt-pki-validate in C
   tools: support validating user/custom PKI certs

  docs/manpages/virt-pki-validate.rst |   9 +-
  libvirt.spec.in                     |   2 -
  po/POTFILES                         |   3 +
  src/rpc/meson.build                 |   7 +-
  src/rpc/virnettlscert.c             | 553 ++++++++++++++++++++++++++
  src/rpc/virnettlscert.h             |  42 ++
  src/rpc/virnettlsconfig.c           | 202 ++++++++++
  src/rpc/virnettlsconfig.h           |  68 ++++
  src/rpc/virnettlscontext.c          | 586 +---------------------------
  tools/meson.build                   |  31 +-
  tools/virt-host-validate-ch.c       |  12 +-
  tools/virt-host-validate-common.c   | 308 ++++++---------
  tools/virt-host-validate-common.h   |  48 +--
  tools/virt-host-validate-lxc.c      |  18 +-
  tools/virt-host-validate-qemu.c     |  30 +-
  tools/virt-host-validate.c          |   2 +-
  tools/virt-login-shell-helper.c     |   2 +-
  tools/virt-pki-query-dn.c           |   2 +-
  tools/virt-pki-validate.c           | 424 ++++++++++++++++++++
  tools/virt-pki-validate.in          | 323 ---------------
  tools/virt-validate-common.c        | 110 ++++++
  tools/virt-validate-common.h        |  57 +++
  22 files changed, 1670 insertions(+), 1169 deletions(-)
  create mode 100644 src/rpc/virnettlscert.c
  create mode 100644 src/rpc/virnettlscert.h
  create mode 100644 src/rpc/virnettlsconfig.c
  create mode 100644 src/rpc/virnettlsconfig.h
  create mode 100644 tools/virt-pki-validate.c
  delete mode 100644 tools/virt-pki-validate.in
  create mode 100644 tools/virt-validate-common.c
  create mode 100644 tools/virt-validate-common.h

Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com&gt;

Michal

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [PATCH 0/9] tools: rewrite virt-pki-validate in C