3:45 a.m.
As mentioned in discussion to my PRNG patches [1] we use GnuTLS
functions widely. Therefore, make GnuTLS required at build time.
This enables us to drop most of #ifdef WITH_GNULS we have. Not all of
them though because we still want libvirt-setuid-rpc-client.la to build
without GnuTLS.
I should also mention that surprisingly this breaks travis. This time,
it's Ubuntu that lacks new enough GnuTLS and not OSX. But after Peter's
patches travis is broken anyway (on GnuTLS).
Michal Privoznik (3):
configure: Require GnuTLS
build: Build gnutls related sources unconditionally
src: Drop most of #ifdef WITH_GNUTLS
configure.ac | 2 --
m4/virt-gnutls.m4 | 4 ---
src/Makefile.am | 7 +----
src/locking/lock_daemon.c | 4 ---
src/logging/log_daemon.c | 4 ---
src/lxc/lxc_controller.c | 2 --
src/qemu/qemu_migration_cookie.c | 12 +++-----
src/remote/remote_daemon.c | 23 ---------------
src/remote/remote_daemon_dispatch.c | 2 --
src/rpc/Makefile.inc.am | 14 ++-------
src/rpc/virnetdaemon.h | 4 +--
src/rpc/virnetserver.c | 6 ----
src/rpc/virnetserver.h | 6 +---
src/rpc/virnetserverclient.c | 57 +++----------------------------------
src/rpc/virnetserverclient.h | 8 ------
src/rpc/virnetserverservice.c | 24 ----------------
src/rpc/virnetserverservice.h | 10 -------
src/util/vircrypto.c | 43 ++--------------------------
tests/Makefile.am | 12 ++------
tests/qemuxml2argvtest.c | 15 ----------
tests/vircryptotest.c | 24 +++++-----------
tests/virfilecachetest.c | 18 +++---------
tests/virnetdaemontest.c | 8 ------
tests/virnetserverclienttest.c | 2 --
tests/virrandommock.c | 8 ++----
25 files changed, 32 insertions(+), 287 deletions(-)
--
2.16.4
3:45 a.m.
New subject: [libvirt] [PATCH 1/3] configure: Require GnuTLS
We are building with GnuTLS everywhere because GnuTLS is widely
available. In addition after recent patches Libvirt relies on
GnuTLS' PRNG.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
configure.ac | 2 --
m4/virt-gnutls.m4 | 4 ----
2 files changed, 6 deletions(-)
diff --git a/configure.ac b/configure.ac
index 5378e49c0b..e25bf0a6ec 100644
--- a/configure.ac
+++ b/configure.ac
@@ -216,7 +216,6 @@ fi
# RPC, we don't need several libraries.
if test "$with_remote" = "no" ; then
with_libvirtd=no
- with_gnutls=no
with_ssh2=no
with_sasl=no
with_libssh=no
@@ -250,7 +249,6 @@ LIBVIRT_ARG_DBUS
LIBVIRT_ARG_FIREWALLD
LIBVIRT_ARG_FUSE
LIBVIRT_ARG_GLUSTER
-LIBVIRT_ARG_GNUTLS
LIBVIRT_ARG_HAL
LIBVIRT_ARG_LIBPCAP
LIBVIRT_ARG_LIBSSH
diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4
index 426a1a0348..6829ca55cf 100644
--- a/m4/virt-gnutls.m4
+++ b/m4/virt-gnutls.m4
@@ -17,10 +17,6 @@ dnl License along with this library. If not, see
dnl <http://www.gnu.org/licenses/>;.
dnl
-AC_DEFUN([LIBVIRT_ARG_GNUTLS],[
- LIBVIRT_ARG_WITH_FEATURE([GNUTLS], [gnutls], [check], [3.2.0])
-])
-
AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[
LIBVIRT_CHECK_PKG([GNUTLS], [gnutls], [3.2.0])
--
2.16.4
4:43 a.m.
New subject: [libvirt] [PATCH 1/3] configure: Require GnuTLS
On Tue, Jun 05, 2018 at 10:45:55AM +0200, Michal Privoznik wrote:
We are building with GnuTLS everywhere because GnuTLS is widely
available. In addition after recent patches Libvirt relies on
GnuTLS' PRNG.
This second sentance isn't true AFAIK - we still have fallback
to /dev/urandom - GNUTLS is merely the first choice.
None the less I think its desirable to make GNUTLS mandatory
since it is on all the platforms we care about and I prefer
that we can assume a good crypto impl all the time. This mostly
frees us from worrying about fallback impls which have higher
risk of security problems.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
configure.ac | 2 --
m4/virt-gnutls.m4 | 4 ----
2 files changed, 6 deletions(-)
diff --git a/configure.ac b/configure.ac
index 5378e49c0b..e25bf0a6ec 100644
--- a/configure.ac
+++ b/configure.ac
@@ -216,7 +216,6 @@ fi
# RPC, we don't need several libraries.
if test "$with_remote" = "no" ; then
with_libvirtd=no
- with_gnutls=no
with_ssh2=no
with_sasl=no
with_libssh=no
@@ -250,7 +249,6 @@ LIBVIRT_ARG_DBUS
LIBVIRT_ARG_FIREWALLD
LIBVIRT_ARG_FUSE
LIBVIRT_ARG_GLUSTER
-LIBVIRT_ARG_GNUTLS
LIBVIRT_ARG_HAL
LIBVIRT_ARG_LIBPCAP
LIBVIRT_ARG_LIBSSH
diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4
index 426a1a0348..6829ca55cf 100644
--- a/m4/virt-gnutls.m4
+++ b/m4/virt-gnutls.m4
@@ -17,10 +17,6 @@ dnl License along with this library. If not, see
dnl <http://www.gnu.org/licenses/>;.
dnl
-AC_DEFUN([LIBVIRT_ARG_GNUTLS],[
- LIBVIRT_ARG_WITH_FEATURE([GNUTLS], [gnutls], [check], [3.2.0])
-])
-
AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[
LIBVIRT_CHECK_PKG([GNUTLS], [gnutls], [3.2.0])
--
2.16.4
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
6:17 a.m.
New subject: [libvirt] [PATCH 1/3] configure: Require GnuTLS
On 06/05/2018 11:43 AM, Daniel P. Berrangé wrote:
On Tue, Jun 05, 2018 at 10:45:55AM +0200, Michal Privoznik wrote:
> We are building with GnuTLS everywhere because GnuTLS is widely
> available. In addition after recent patches Libvirt relies on
> GnuTLS' PRNG.
This second sentance isn't true AFAIK - we still have fallback
to /dev/urandom - GNUTLS is merely the first choice.
Okay. But after Peter's patches we do rely on GnuTLS more than ever ;-)
I'll reword and resend though.
Michal
None the less I think its desirable to make GNUTLS mandatory
since it is on all the platforms we care about and I prefer
that we can assume a good crypto impl all the time. This mostly
frees us from worrying about fallback impls which have higher
risk of security problems.
Unfortunately not. Both suid and nss libs build with virhash.c which
requires virRandom*(). But this is a bogus dependency and hash tables
are not really used (at least in NSS module, did not bother to check for
suid lib). So we need a stub for virRandom*().
Michal
6:25 a.m.
New subject: [libvirt] [PATCH 1/3] configure: Require GnuTLS
On Tue, Jun 05, 2018 at 13:17:46 +0200, Michal Privoznik wrote:
On 06/05/2018 11:43 AM, Daniel P. Berrangé wrote:
> On Tue, Jun 05, 2018 at 10:45:55AM +0200, Michal Privoznik wrote:
>> We are building with GnuTLS everywhere because GnuTLS is widely
>> available. In addition after recent patches Libvirt relies on
>> GnuTLS' PRNG.
>
> This second sentance isn't true AFAIK - we still have fallback
> to /dev/urandom - GNUTLS is merely the first choice.
Okay. But after Peter's patches we do rely on GnuTLS more than ever ;-)
I'll reword and resend though.
Not really. I just consolidated some code paths so now we actually check
that gnutls is present for disks with secret. It would hit the error in
a different place otherwise, this just broke the testsuite.
A naive fix would be to disable those tests when gnutls is not present,
but if we are going to make it always present it seems a waste of
effort.
3:45 a.m.
New subject: [libvirt] [PATCH 2/3] build: Build gnutls related sources unconditionally
Now that GnuTLS is required these source files must be compiled
in.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/Makefile.am | 7 +------
src/rpc/Makefile.inc.am | 14 ++------------
tests/Makefile.am | 12 ++----------
3 files changed, 5 insertions(+), 28 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index b2db1e9db9..b0e2171eea 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -440,6 +440,7 @@ EXTRA_DIST += $(top_srcdir)/build-aux/augeas-gentest.pl
#
USED_SYM_FILES += $(srcdir)/libvirt_driver_modules.syms
+USED_SYM_FILES += $(srcdir)/libvirt_gnutls.syms
if WITH_LINUX
USED_SYM_FILES += $(srcdir)/libvirt_linux.syms
@@ -453,12 +454,6 @@ else ! WITH_SASL
SYM_FILES += $(srcdir)/libvirt_sasl.syms
endif ! WITH_SASL
-if WITH_GNUTLS
-USED_SYM_FILES += $(srcdir)/libvirt_gnutls.syms
-else ! WITH_GNUTLS
-SYM_FILES += $(srcdir)/libvirt_gnutls.syms
-endif ! WITH_GNUTLS
-
if WITH_SSH2
USED_SYM_FILES += $(srcdir)/libvirt_libssh2.syms
else ! WITH_SSH2
diff --git a/src/rpc/Makefile.inc.am b/src/rpc/Makefile.inc.am
index 14c798d05d..b8c80528d2 100644
--- a/src/rpc/Makefile.inc.am
+++ b/src/rpc/Makefile.inc.am
@@ -31,6 +31,8 @@ libvirt_la_BUILT_LIBADD += \
libvirt_net_rpc_la_SOURCES = \
rpc/virnetmessage.h \
rpc/virnetmessage.c \
+ rpc/virnettlscontext.h \
+ rpc/virnettlscontext.c \
rpc/virnetsocket.h \
rpc/virnetsocket.c \
rpc/virkeepalive.h \
@@ -50,18 +52,6 @@ EXTRA_DIST += \
$(NULL)
endif ! WITH_SSH2
-if WITH_GNUTLS
-libvirt_net_rpc_la_SOURCES += \
- rpc/virnettlscontext.h \
- rpc/virnettlscontext.c \
- $(NULL)
-else ! WITH_GNUTLS
-EXTRA_DIST += \
- rpc/virnettlscontext.h \
- rpc/virnettlscontext.c \
- $(NULL)
-endif ! WITH_GNUTLS
-
if WITH_SASL
libvirt_net_rpc_la_SOURCES += \
rpc/virnetsaslcontext.h \
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 1ce3dbb50f..99c79e3208 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -227,10 +227,9 @@ test_programs += \
virnetsockettest \
virnetdaemontest \
virnetserverclienttest \
+ virnettlscontexttest \
+ virnettlssessiontest \
$(NULL)
-if WITH_GNUTLS
-test_programs += virnettlscontexttest virnettlssessiontest
-endif WITH_GNUTLS
endif WITH_REMOTE
if WITH_LINUX
@@ -1027,7 +1026,6 @@ virnetserverclientmock_la_SOURCES = \
virnetserverclientmock_la_LDFLAGS = $(MOCKLIBS_LDFLAGS)
virnetserverclientmock_la_LIBADD = $(MOCKLIBS_LIBS)
-if WITH_GNUTLS
virnettlscontexttest_SOURCES = \
virnettlscontexttest.c \
virnettlshelpers.h virnettlshelpers.c \
@@ -1046,12 +1044,6 @@ virnettlssessiontest_LDADD += -ltasn1
else ! HAVE_LIBTASN1
EXTRA_DIST += pkix_asn1_tab.c
endif ! HAVE_LIBTASN1
-else ! WITH_GNUTLS
-EXTRA_DIST += \
- virnettlscontexttest.c virnettlssessiontest.c \
- virnettlshelpers.h virnettlshelpers.c \
- testutils.h testutils.c pkix_asn1_tab.c
-endif ! WITH_GNUTLS
virtimetest_SOURCES = \
virtimetest.c testutils.h testutils.c
--
2.16.4
4:44 a.m.
New subject: [libvirt] [PATCH 2/3] build: Build gnutls related sources unconditionally
On Tue, Jun 05, 2018 at 10:45:56AM +0200, Michal Privoznik wrote:
Now that GnuTLS is required these source files must be compiled
in.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/Makefile.am | 7 +------
src/rpc/Makefile.inc.am | 14 ++------------
tests/Makefile.am | 12 ++----------
3 files changed, 5 insertions(+), 28 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index b2db1e9db9..b0e2171eea 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -440,6 +440,7 @@ EXTRA_DIST += $(top_srcdir)/build-aux/augeas-gentest.pl
#
USED_SYM_FILES += $(srcdir)/libvirt_driver_modules.syms
+USED_SYM_FILES += $(srcdir)/libvirt_gnutls.syms
if WITH_LINUX
USED_SYM_FILES += $(srcdir)/libvirt_linux.syms
@@ -453,12 +454,6 @@ else ! WITH_SASL
SYM_FILES += $(srcdir)/libvirt_sasl.syms
endif ! WITH_SASL
-if WITH_GNUTLS
-USED_SYM_FILES += $(srcdir)/libvirt_gnutls.syms
-else ! WITH_GNUTLS
-SYM_FILES += $(srcdir)/libvirt_gnutls.syms
-endif ! WITH_GNUTLS
The libvirt_gnutls.syms file only exists because gnutls was
optional, so shouldn't this just get merged into libvirt_private.syms
or libvirt_rpc.syms as appropriate ?
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
6:17 a.m.
New subject: [libvirt] [PATCH 2/3] build: Build gnutls related sources unconditionally
On 06/05/2018 11:44 AM, Daniel P. Berrangé wrote:
On Tue, Jun 05, 2018 at 10:45:56AM +0200, Michal Privoznik wrote:
> Now that GnuTLS is required these source files must be compiled
> in.
>
> Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
> ---
> src/Makefile.am | 7 +------
> src/rpc/Makefile.inc.am | 14 ++------------
> tests/Makefile.am | 12 ++----------
> 3 files changed, 5 insertions(+), 28 deletions(-)
>
> diff --git a/src/Makefile.am b/src/Makefile.am
> index b2db1e9db9..b0e2171eea 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -440,6 +440,7 @@ EXTRA_DIST += $(top_srcdir)/build-aux/augeas-gentest.pl
> #
>
> USED_SYM_FILES += $(srcdir)/libvirt_driver_modules.syms
> +USED_SYM_FILES += $(srcdir)/libvirt_gnutls.syms
>
> if WITH_LINUX
> USED_SYM_FILES += $(srcdir)/libvirt_linux.syms
> @@ -453,12 +454,6 @@ else ! WITH_SASL
> SYM_FILES += $(srcdir)/libvirt_sasl.syms
> endif ! WITH_SASL
>
> -if WITH_GNUTLS
> -USED_SYM_FILES += $(srcdir)/libvirt_gnutls.syms
> -else ! WITH_GNUTLS
> -SYM_FILES += $(srcdir)/libvirt_gnutls.syms
> -endif ! WITH_GNUTLS
The libvirt_gnutls.syms file only exists because gnutls was
optional, so shouldn't this just get merged into libvirt_private.syms
or libvirt_rpc.syms as appropriate ?
s/libvirt_rpc/libvirt_remote/
Yes, I'll send v2.
Michal
3:45 a.m.
New subject: [libvirt] [PATCH 3/3] src: Drop most of #ifdef WITH_GNUTLS
Now that GnuTLS is a requirement, we can drop a lot of
conditionally built code. However, not all ifdef-s can go because
we still want libvirt_setuid to build without gnutls.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/locking/lock_daemon.c | 4 ---
src/logging/log_daemon.c | 4 ---
src/lxc/lxc_controller.c | 2 --
src/qemu/qemu_migration_cookie.c | 12 +++-----
src/remote/remote_daemon.c | 23 ---------------
src/remote/remote_daemon_dispatch.c | 2 --
src/rpc/virnetdaemon.h | 4 +--
src/rpc/virnetserver.c | 6 ----
src/rpc/virnetserver.h | 6 +---
src/rpc/virnetserverclient.c | 57 +++----------------------------------
src/rpc/virnetserverclient.h | 8 ------
src/rpc/virnetserverservice.c | 24 ----------------
src/rpc/virnetserverservice.h | 10 -------
src/util/vircrypto.c | 43 ++--------------------------
tests/qemuxml2argvtest.c | 15 ----------
tests/vircryptotest.c | 24 +++++-----------
tests/virfilecachetest.c | 18 +++---------
tests/virnetdaemontest.c | 8 ------
tests/virnetserverclienttest.c | 2 --
tests/virrandommock.c | 8 ++----
20 files changed, 27 insertions(+), 253 deletions(-)
diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c
index 78c33bd29c..272d2e3ae9 100644
--- a/src/locking/lock_daemon.c
+++ b/src/locking/lock_daemon.c
@@ -619,9 +619,7 @@ virLockDaemonSetupNetworkingSystemD(virNetServerPtr lockSrv,
virNetServerPtr adm
/* Systemd passes FDs, starting immediately after stderr,
* so the first FD we'll get is '3'. */
if (!(svc = virNetServerServiceNewFD(3 + i, 0,
-#if WITH_GNUTLS
NULL,
-#endif
false, 0, 1)))
return -1;
@@ -642,9 +640,7 @@ virLockDaemonSetupNetworkingNative(virNetServerPtr srv, const char
*sock_path)
VIR_DEBUG("Setting up networking natively");
if (!(svc = virNetServerServiceNewUNIX(sock_path, 0700, 0, 0,
-#if WITH_GNUTLS
NULL,
-#endif
false, 0, 1)))
return -1;
diff --git a/src/logging/log_daemon.c b/src/logging/log_daemon.c
index 91bd9d0b90..4415a61d03 100644
--- a/src/logging/log_daemon.c
+++ b/src/logging/log_daemon.c
@@ -554,9 +554,7 @@ virLogDaemonSetupNetworkingSystemD(virNetServerPtr logSrv,
virNetServerPtr admin
/* Systemd passes FDs, starting immediately after stderr,
* so the first FD we'll get is '3'. */
if (!(svc = virNetServerServiceNewFD(3 + i, 0,
-#if WITH_GNUTLS
NULL,
-#endif
false, 0, 1)))
return -1;
@@ -577,9 +575,7 @@ virLogDaemonSetupNetworkingNative(virNetServerPtr srv, const char
*sock_path)
VIR_DEBUG("Setting up networking natively");
if (!(svc = virNetServerServiceNewUNIX(sock_path, 0700, 0, 0,
-#if WITH_GNUTLS
NULL,
-#endif
false, 0, 1)))
return -1;
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index d5636b808c..03077af1ec 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -957,9 +957,7 @@ static int virLXCControllerSetupServer(virLXCControllerPtr ctrl)
0700,
0,
0,
-#if WITH_GNUTLS
NULL,
-#endif
false,
0,
5)))
diff --git a/src/qemu/qemu_migration_cookie.c b/src/qemu/qemu_migration_cookie.c
index eca1b74d63..60df449d53 100644
--- a/src/qemu/qemu_migration_cookie.c
+++ b/src/qemu/qemu_migration_cookie.c
@@ -18,10 +18,8 @@
#include <config.h>
-#ifdef WITH_GNUTLS
-# include <gnutls/gnutls.h>
-# include <gnutls/x509.h>
-#endif
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
#include "locking/domain_lock.h"
#include "viralloc.h"
@@ -131,7 +129,6 @@ qemuMigrationCookieFree(qemuMigrationCookiePtr mig)
}
-#ifdef WITH_GNUTLS
static char *
qemuDomainExtractTLSSubject(const char *certdir)
{
@@ -188,7 +185,7 @@ qemuDomainExtractTLSSubject(const char *certdir)
VIR_FREE(pemdata);
return NULL;
}
-#endif
+
static qemuMigrationCookieGraphicsPtr
qemuMigrationCookieGraphicsSpiceAlloc(virQEMUDriverPtr driver,
@@ -212,11 +209,10 @@ qemuMigrationCookieGraphicsSpiceAlloc(virQEMUDriverPtr driver,
if (!glisten || !(listenAddr = glisten->address))
listenAddr = cfg->spiceListen;
-#ifdef WITH_GNUTLS
if (cfg->spiceTLS &&
!(mig->tlsSubject =
qemuDomainExtractTLSSubject(cfg->spiceTLSx509certdir)))
goto error;
-#endif
+
if (VIR_STRDUP(mig->listen, listenAddr) < 0)
goto error;
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c
index 27377fe3bc..21ab22499d 100644
--- a/src/remote/remote_daemon.c
+++ b/src/remote/remote_daemon.c
@@ -375,9 +375,7 @@ daemonSetupNetworking(virNetServerPtr srv,
virNetServerServicePtr svcAdm = NULL;
virNetServerServicePtr svcRO = NULL;
virNetServerServicePtr svcTCP = NULL;
-#if WITH_GNUTLS
virNetServerServicePtr svcTLS = NULL;
-#endif
gid_t unix_sock_gid = 0;
int unix_sock_ro_mask = 0;
int unix_sock_rw_mask = 0;
@@ -416,9 +414,7 @@ daemonSetupNetworking(virNetServerPtr srv,
unix_sock_rw_mask,
unix_sock_gid,
config->auth_unix_rw,
-#if WITH_GNUTLS
NULL,
-#endif
false,
config->max_queued_clients,
config->max_client_requests,
@@ -429,9 +425,7 @@ daemonSetupNetworking(virNetServerPtr srv,
unix_sock_ro_mask,
unix_sock_gid,
config->auth_unix_ro,
-#if WITH_GNUTLS
NULL,
-#endif
true,
config->max_queued_clients,
config->max_client_requests,
@@ -455,9 +449,7 @@ daemonSetupNetworking(virNetServerPtr srv,
unix_sock_adm_mask,
unix_sock_gid,
REMOTE_AUTH_NONE,
-#if WITH_GNUTLS
NULL,
-#endif
false,
config->admin_max_queued_clients,
config->admin_max_client_requests)))
@@ -475,9 +467,7 @@ daemonSetupNetworking(virNetServerPtr srv,
config->tcp_port,
AF_UNSPEC,
config->auth_tcp,
-#if WITH_GNUTLS
NULL,
-#endif
false,
config->max_queued_clients,
config->max_client_requests)))
@@ -488,7 +478,6 @@ daemonSetupNetworking(virNetServerPtr srv,
goto cleanup;
}
-#if WITH_GNUTLS
if (config->listen_tls) {
virNetTLSContextPtr ctxt = NULL;
@@ -552,22 +541,12 @@ daemonSetupNetworking(virNetServerPtr srv,
virObjectUnref(ctxt);
}
-#else
- (void)privileged;
- if (config->listen_tls) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("This libvirtd build does not support TLS"));
- goto cleanup;
- }
-#endif
}
#if WITH_SASL
if (config->auth_unix_rw == REMOTE_AUTH_SASL ||
(sock_path_ro && config->auth_unix_ro == REMOTE_AUTH_SASL) ||
-# if WITH_GNUTLS
(ipsock && config->listen_tls && config->auth_tls ==
REMOTE_AUTH_SASL) ||
-# endif
(ipsock && config->listen_tcp && config->auth_tcp ==
REMOTE_AUTH_SASL)) {
saslCtxt = virNetSASLContextNewServer(
(const char *const*)config->sasl_allowed_username_list);
@@ -579,9 +558,7 @@ daemonSetupNetworking(virNetServerPtr srv,
ret = 0;
cleanup:
-#if WITH_GNUTLS
virObjectUnref(svcTLS);
-#endif
virObjectUnref(svcTCP);
virObjectUnref(svcRO);
virObjectUnref(svcAdm);
diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c
index a8a5932d71..81d0445e43 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -3353,7 +3353,6 @@ remoteDispatchAuthSaslInit(virNetServerPtr server ATTRIBUTE_UNUSED,
if (!sasl)
goto authfail;
-# if WITH_GNUTLS
/* Inform SASL that we've got an external SSF layer from TLS */
if (virNetServerClientHasTLSSession(client)) {
int ssf;
@@ -3367,7 +3366,6 @@ remoteDispatchAuthSaslInit(virNetServerPtr server ATTRIBUTE_UNUSED,
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto authfail;
}
-# endif
if (virNetServerClientIsSecure(client))
/* If we've got TLS or UNIX domain sock, we don't care about SSF */
diff --git a/src/rpc/virnetdaemon.h b/src/rpc/virnetdaemon.h
index 6576c463b5..09ed5adf36 100644
--- a/src/rpc/virnetdaemon.h
+++ b/src/rpc/virnetdaemon.h
@@ -25,9 +25,7 @@
# include <signal.h>
-# ifdef WITH_GNUTLS
-# include "virnettlscontext.h"
-# endif
+# include "virnettlscontext.h"
# include "virobject.h"
# include "virjson.h"
# include "virnetserverprogram.h"
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index 5aeb188900..5c7f7dd08f 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -73,9 +73,7 @@ struct _virNetServer {
int keepaliveInterval;
unsigned int keepaliveCount;
-#ifdef WITH_GNUTLS
virNetTLSContextPtr tls;
-#endif
virNetServerClientPrivNew clientPrivNew;
virNetServerClientPrivPreExecRestart clientPrivPreExecRestart;
@@ -320,9 +318,7 @@ static int virNetServerDispatchNewClient(virNetServerServicePtr svc,
virNetServerServiceGetAuth(svc),
virNetServerServiceIsReadonly(svc),
virNetServerServiceGetMaxRequests(svc),
-#if WITH_GNUTLS
virNetServerServiceGetTLSContext(svc),
-#endif
srv->clientPrivNew,
srv->clientPrivPreExecRestart,
srv->clientPrivFree,
@@ -728,14 +724,12 @@ int virNetServerAddProgram(virNetServerPtr srv,
return -1;
}
-#if WITH_GNUTLS
int virNetServerSetTLSContext(virNetServerPtr srv,
virNetTLSContextPtr tls)
{
srv->tls = virObjectRef(tls);
return 0;
}
-#endif
/**
diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h
index a79c39fdb2..26cec43c22 100644
--- a/src/rpc/virnetserver.h
+++ b/src/rpc/virnetserver.h
@@ -24,9 +24,7 @@
#ifndef __VIR_NET_SERVER_H__
# define __VIR_NET_SERVER_H__
-# ifdef WITH_GNUTLS
-# include "virnettlscontext.h"
-# endif
+# include "virnettlscontext.h"
# include "virnetserverprogram.h"
# include "virnetserverclient.h"
# include "virnetserverservice.h"
@@ -71,10 +69,8 @@ int virNetServerAddService(virNetServerPtr srv,
int virNetServerAddProgram(virNetServerPtr srv,
virNetServerProgramPtr prog);
-# if WITH_GNUTLS
int virNetServerSetTLSContext(virNetServerPtr srv,
virNetTLSContextPtr tls);
-# endif
int virNetServerAddClient(virNetServerPtr srv,
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index ffd4fbc5e6..97cf126f56 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -73,10 +73,8 @@ struct _virNetServerClient
int auth;
bool auth_pending;
bool readonly;
-#if WITH_GNUTLS
virNetTLSContextPtr tlsCtxt;
virNetTLSSessionPtr tls;
-#endif
#if WITH_SASL
virNetSASLSessionPtr sasl;
#endif
@@ -154,18 +152,13 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client)
VIR_DEBUG("tls=%p hs=%d, rx=%p tx=%p",
-#ifdef WITH_GNUTLS
client->tls,
client->tls ? virNetTLSSessionGetHandshakeStatus(client->tls) : -1,
-#else
- NULL, -1,
-#endif
client->rx,
client->tx);
if (!client->sock || client->wantClose)
return 0;
-#if WITH_GNUTLS
if (client->tls) {
switch (virNetTLSSessionGetHandshakeStatus(client->tls)) {
case VIR_NET_TLS_HANDSHAKE_RECVING:
@@ -182,7 +175,6 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client)
mode |= VIR_EVENT_HANDLE_WRITABLE;
}
} else {
-#endif
/* If there is a message on the rx queue, and
* we're not in middle of a delayedClose, then
* we're wanting more input */
@@ -193,9 +185,7 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client)
then monitor for writability on socket */
if (client->tx)
mode |= VIR_EVENT_HANDLE_WRITABLE;
-#if WITH_GNUTLS
}
-#endif
VIR_DEBUG("mode=0%o", mode);
return mode;
}
@@ -300,7 +290,6 @@ void virNetServerClientRemoveFilter(virNetServerClientPtr client,
}
-#ifdef WITH_GNUTLS
/* Check the client's access. */
static int
virNetServerClientCheckAccess(virNetServerClientPtr client)
@@ -335,7 +324,7 @@ virNetServerClientCheckAccess(virNetServerClientPtr client)
return 0;
}
-#endif
+
static void virNetServerClientDispatchMessage(virNetServerClientPtr client,
virNetMessagePtr msg)
@@ -396,9 +385,7 @@ virNetServerClientNewInternal(unsigned long long id,
virNetSocketPtr sock,
int auth,
bool auth_pending,
-#ifdef WITH_GNUTLS
virNetTLSContextPtr tls,
-#endif
bool readonly,
size_t nrequests_max,
long long timestamp)
@@ -416,9 +403,7 @@ virNetServerClientNewInternal(unsigned long long id,
client->auth = auth;
client->auth_pending = auth_pending;
client->readonly = readonly;
-#ifdef WITH_GNUTLS
client->tlsCtxt = virObjectRef(tls);
-#endif
client->nrequests_max = nrequests_max;
client->conn_time = timestamp;
@@ -452,9 +437,7 @@ virNetServerClientPtr virNetServerClientNew(unsigned long long id,
int auth,
bool readonly,
size_t nrequests_max,
-#ifdef WITH_GNUTLS
virNetTLSContextPtr tls,
-#endif
virNetServerClientPrivNew privNew,
virNetServerClientPrivPreExecRestart
privPreExecRestart,
virFreeCallback privFree,
@@ -464,13 +447,7 @@ virNetServerClientPtr virNetServerClientNew(unsigned long long id,
time_t now;
bool auth_pending = !virNetServerClientAuthMethodImpliesAuthenticated(auth);
- VIR_DEBUG("sock=%p auth=%d tls=%p", sock, auth,
-#ifdef WITH_GNUTLS
- tls
-#else
- NULL
-#endif
- );
+ VIR_DEBUG("sock=%p auth=%d tls=%p", sock, auth, tls);
if ((now = time(NULL)) == (time_t)-1) {
virReportSystemError(errno, "%s", _("failed to get current
time"));
@@ -478,10 +455,7 @@ virNetServerClientPtr virNetServerClientNew(unsigned long long id,
}
if (!(client = virNetServerClientNewInternal(id, sock, auth, auth_pending,
-#ifdef WITH_GNUTLS
- tls,
-#endif
- readonly, nrequests_max,
+ tls, readonly, nrequests_max,
now)))
return NULL;
@@ -586,9 +560,7 @@ virNetServerClientPtr
virNetServerClientNewPostExecRestart(virNetServerPtr srv,
sock,
auth,
auth_pending,
-#ifdef WITH_GNUTLS
NULL,
-#endif
readonly,
nrequests_max,
timestamp))) {
@@ -720,7 +692,6 @@ long long virNetServerClientGetTimestamp(virNetServerClientPtr
client)
return client->conn_time;
}
-#ifdef WITH_GNUTLS
bool virNetServerClientHasTLSSession(virNetServerClientPtr client)
{
bool has;
@@ -749,7 +720,6 @@ int virNetServerClientGetTLSKeySize(virNetServerClientPtr client)
virObjectUnlock(client);
return size;
}
-#endif
int virNetServerClientGetFD(virNetServerClientPtr client)
{
@@ -837,13 +807,11 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
}
#endif
-#if WITH_GNUTLS
if (client->tls) {
const char *identity = virNetTLSSessionGetX509DName(client->tls);
if (virIdentitySetX509DName(ret, identity) < 0)
goto error;
}
-#endif
if (client->sock &&
virNetSocketGetSELinuxContext(client->sock, &seccontext) < 0)
@@ -895,10 +863,8 @@ bool virNetServerClientIsSecure(virNetServerClientPtr client)
{
bool secure = false;
virObjectLock(client);
-#if WITH_GNUTLS
if (client->tls)
secure = true;
-#endif
#if WITH_SASL
if (client->sasl)
secure = true;
@@ -1019,10 +985,8 @@ void virNetServerClientDispose(void *obj)
#endif
if (client->sockTimer > 0)
virEventRemoveTimeout(client->sockTimer);
-#if WITH_GNUTLS
virObjectUnref(client->tls);
virObjectUnref(client->tlsCtxt);
-#endif
virObjectUnref(client->sock);
}
@@ -1071,12 +1035,10 @@ virNetServerClientCloseLocked(virNetServerClientPtr client)
if (client->sock)
virNetSocketRemoveIOCallback(client->sock);
-#if WITH_GNUTLS
if (client->tls) {
virObjectUnref(client->tls);
client->tls = NULL;
}
-#endif
client->wantClose = true;
while (client->rx) {
@@ -1139,13 +1101,10 @@ int virNetServerClientInit(virNetServerClientPtr client)
{
virObjectLock(client);
-#if WITH_GNUTLS
if (!client->tlsCtxt) {
-#endif
/* Plain socket, so prepare to read first message */
if (virNetServerClientRegisterEvent(client) < 0)
goto error;
-#if WITH_GNUTLS
} else {
int ret;
@@ -1174,7 +1133,6 @@ int virNetServerClientInit(virNetServerClientPtr client)
goto error;
}
}
-#endif
virObjectUnlock(client);
return 0;
@@ -1475,7 +1433,6 @@ virNetServerClientDispatchWrite(virNetServerClientPtr client)
}
-#if WITH_GNUTLS
static void
virNetServerClientDispatchHandshake(virNetServerClientPtr client)
{
@@ -1498,7 +1455,7 @@ virNetServerClientDispatchHandshake(virNetServerClientPtr client)
client->wantClose = true;
}
}
-#endif
+
static void
virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque)
@@ -1516,21 +1473,17 @@ virNetServerClientDispatchEvent(virNetSocketPtr sock, int events,
void *opaque)
if (events & (VIR_EVENT_HANDLE_WRITABLE |
VIR_EVENT_HANDLE_READABLE)) {
-#if WITH_GNUTLS
if (client->tls &&
virNetTLSSessionGetHandshakeStatus(client->tls) !=
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
virNetServerClientDispatchHandshake(client);
} else {
-#endif
if (events & VIR_EVENT_HANDLE_WRITABLE)
virNetServerClientDispatchWrite(client);
if (events & VIR_EVENT_HANDLE_READABLE &&
client->rx)
msg = virNetServerClientDispatchRead(client);
-#if WITH_GNUTLS
}
-#endif
}
/* NB, will get HANGUP + READABLE at same time upon
@@ -1687,10 +1640,8 @@ virNetServerClientGetTransport(virNetServerClientPtr client)
else
ret = VIR_CLIENT_TRANS_TCP;
-#ifdef WITH_GNUTLS
if (client->tls)
ret = VIR_CLIENT_TRANS_TLS;
-#endif
virObjectUnlock(client);
diff --git a/src/rpc/virnetserverclient.h b/src/rpc/virnetserverclient.h
index b21446eeb7..b7ff660eef 100644
--- a/src/rpc/virnetserverclient.h
+++ b/src/rpc/virnetserverclient.h
@@ -69,18 +69,12 @@ virNetServerClientPtr virNetServerClientNew(unsigned long long id,
int auth,
bool readonly,
size_t nrequests_max,
-# ifdef WITH_GNUTLS
virNetTLSContextPtr tls,
-# endif
virNetServerClientPrivNew privNew,
virNetServerClientPrivPreExecRestart
privPreExecRestart,
virFreeCallback privFree,
void *privOpaque)
-# ifdef WITH_GNUTLS
ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(7) ATTRIBUTE_NONNULL(9);
-# else
- ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6) ATTRIBUTE_NONNULL(8);
-# endif
virNetServerClientPtr virNetServerClientNewPostExecRestart(virNetServerPtr srv,
virJSONValuePtr object,
@@ -107,11 +101,9 @@ void virNetServerClientSetReadonly(virNetServerClientPtr client, bool
readonly);
unsigned long long virNetServerClientGetID(virNetServerClientPtr client);
long long virNetServerClientGetTimestamp(virNetServerClientPtr client);
-# ifdef WITH_GNUTLS
bool virNetServerClientHasTLSSession(virNetServerClientPtr client);
virNetTLSSessionPtr virNetServerClientGetTLSSession(virNetServerClientPtr client);
int virNetServerClientGetTLSKeySize(virNetServerClientPtr client);
-# endif
# ifdef WITH_SASL
bool virNetServerClientHasSASLSession(virNetServerClientPtr client);
diff --git a/src/rpc/virnetserverservice.c b/src/rpc/virnetserverservice.c
index 23fc23cab4..e6762366ab 100644
--- a/src/rpc/virnetserverservice.c
+++ b/src/rpc/virnetserverservice.c
@@ -43,9 +43,7 @@ struct _virNetServerService {
bool readonly;
size_t nrequests_client_max;
-#if WITH_GNUTLS
virNetTLSContextPtr tls;
-#endif
virNetServerServiceDispatchFunc dispatchFunc;
void *dispatchOpaque;
@@ -94,9 +92,7 @@ virNetServerServiceNewFDOrUNIX(const char *path,
mode_t mask,
gid_t grp,
int auth,
-#if WITH_GNUTLS
virNetTLSContextPtr tls,
-#endif
bool readonly,
size_t max_queued_clients,
size_t nrequests_client_max,
@@ -112,9 +108,7 @@ virNetServerServiceNewFDOrUNIX(const char *path,
mask,
grp,
auth,
-#if WITH_GNUTLS
tls,
-#endif
readonly,
max_queued_clients,
nrequests_client_max);
@@ -128,9 +122,7 @@ virNetServerServiceNewFDOrUNIX(const char *path,
*/
return virNetServerServiceNewFD((*cur_fd)++,
auth,
-#if WITH_GNUTLS
tls,
-#endif
readonly,
max_queued_clients,
nrequests_client_max);
@@ -142,9 +134,7 @@ virNetServerServicePtr virNetServerServiceNewTCP(const char
*nodename,
const char *service,
int family,
int auth,
-#if WITH_GNUTLS
virNetTLSContextPtr tls,
-#endif
bool readonly,
size_t max_queued_clients,
size_t nrequests_client_max)
@@ -161,9 +151,7 @@ virNetServerServicePtr virNetServerServiceNewTCP(const char
*nodename,
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
-#if WITH_GNUTLS
svc->tls = virObjectRef(tls);
-#endif
if (virNetSocketNewListenTCP(nodename,
service,
@@ -202,9 +190,7 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
mode_t mask,
gid_t grp,
int auth,
-#if WITH_GNUTLS
virNetTLSContextPtr tls,
-#endif
bool readonly,
size_t max_queued_clients,
size_t nrequests_client_max)
@@ -221,9 +207,7 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
-#if WITH_GNUTLS
svc->tls = virObjectRef(tls);
-#endif
if (VIR_ALLOC_N(svc->socks, 1) < 0)
goto error;
@@ -263,9 +247,7 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
virNetServerServicePtr virNetServerServiceNewFD(int fd,
int auth,
-#if WITH_GNUTLS
virNetTLSContextPtr tls,
-#endif
bool readonly,
size_t max_queued_clients,
size_t nrequests_client_max)
@@ -282,9 +264,7 @@ virNetServerServicePtr virNetServerServiceNewFD(int fd,
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
-#if WITH_GNUTLS
svc->tls = virObjectRef(tls);
-#endif
if (VIR_ALLOC_N(svc->socks, 1) < 0)
goto error;
@@ -469,12 +449,10 @@ size_t virNetServerServiceGetMaxRequests(virNetServerServicePtr
svc)
return svc->nrequests_client_max;
}
-#if WITH_GNUTLS
virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc)
{
return svc->tls;
}
-#endif
void virNetServerServiceSetDispatcher(virNetServerServicePtr svc,
virNetServerServiceDispatchFunc func,
@@ -494,9 +472,7 @@ void virNetServerServiceDispose(void *obj)
virObjectUnref(svc->socks[i]);
VIR_FREE(svc->socks);
-#if WITH_GNUTLS
virObjectUnref(svc->tls);
-#endif
}
void virNetServerServiceToggle(virNetServerServicePtr svc,
diff --git a/src/rpc/virnetserverservice.h b/src/rpc/virnetserverservice.h
index 5d8c583db2..a50cb19b6d 100644
--- a/src/rpc/virnetserverservice.h
+++ b/src/rpc/virnetserverservice.h
@@ -41,9 +41,7 @@ virNetServerServicePtr virNetServerServiceNewFDOrUNIX(const char *path,
mode_t mask,
gid_t grp,
int auth,
-# if WITH_GNUTLS
virNetTLSContextPtr tls,
-# endif
bool readonly,
size_t max_queued_clients,
size_t nrequests_client_max,
@@ -53,9 +51,7 @@ virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
const char *service,
int family,
int auth,
-# if WITH_GNUTLS
virNetTLSContextPtr tls,
-# endif
bool readonly,
size_t max_queued_clients,
size_t nrequests_client_max);
@@ -63,17 +59,13 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
mode_t mask,
gid_t grp,
int auth,
-# if WITH_GNUTLS
virNetTLSContextPtr tls,
-# endif
bool readonly,
size_t max_queued_clients,
size_t nrequests_client_max);
virNetServerServicePtr virNetServerServiceNewFD(int fd,
int auth,
-# if WITH_GNUTLS
virNetTLSContextPtr tls,
-# endif
bool readonly,
size_t max_queued_clients,
size_t nrequests_client_max);
@@ -87,9 +79,7 @@ int virNetServerServiceGetPort(virNetServerServicePtr svc);
int virNetServerServiceGetAuth(virNetServerServicePtr svc);
bool virNetServerServiceIsReadonly(virNetServerServicePtr svc);
size_t virNetServerServiceGetMaxRequests(virNetServerServicePtr svc);
-# ifdef WITH_GNUTLS
virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc);
-# endif
void virNetServerServiceSetDispatcher(virNetServerServicePtr svc,
virNetServerServiceDispatchFunc func,
diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index d734ce6ad7..bdb83c5fd3 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -26,10 +26,8 @@
#include "viralloc.h"
#include "virrandom.h"
-#ifdef WITH_GNUTLS
-# include <gnutls/gnutls.h>
-# include <gnutls/crypto.h>
-#endif
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
VIR_LOG_INIT("util.crypto");
@@ -39,7 +37,6 @@ static const char hex[] = "0123456789abcdef";
#define VIR_CRYPTO_LARGEST_DIGEST_SIZE VIR_CRYPTO_HASH_SIZE_SHA256
-#if WITH_GNUTLS
struct virHashInfo {
gnutls_digest_algorithm_t algorithm;
@@ -74,17 +71,7 @@ virCryptoHashBuf(virCryptoHash hash,
return hashinfo[hash].hashlen;
}
-#else
-ssize_t
-virCryptoHashBuf(virCryptoHash hash,
- const char *input ATTRIBUTE_UNUSED,
- unsigned char *output ATTRIBUTE_UNUSED)
-{
- virReportError(VIR_ERR_INVALID_ARG,
- _("algorithm=%d is not supported"), hash);
- return -1;
-}
-#endif
+
int
virCryptoHashString(virCryptoHash hash,
@@ -129,11 +116,7 @@ virCryptoHaveCipher(virCryptoCipher algorithm)
switch (algorithm) {
case VIR_CRYPTO_CIPHER_AES256CBC:
-#ifdef WITH_GNUTLS
return true;
-#else
- return false;
-#endif
case VIR_CRYPTO_CIPHER_NONE:
case VIR_CRYPTO_CIPHER_LAST:
@@ -144,7 +127,6 @@ virCryptoHaveCipher(virCryptoCipher algorithm)
}
-#ifdef WITH_GNUTLS
/* virCryptoEncryptDataAESgntuls:
*
* Performs the AES gnutls encryption
@@ -295,22 +277,3 @@ virCryptoEncryptData(virCryptoCipher algorithm,
_("algorithm=%d is not supported"), algorithm);
return -1;
}
-
-#else
-
-int
-virCryptoEncryptData(virCryptoCipher algorithm,
- uint8_t *enckey ATTRIBUTE_UNUSED,
- size_t enckeylen ATTRIBUTE_UNUSED,
- uint8_t *iv ATTRIBUTE_UNUSED,
- size_t ivlen ATTRIBUTE_UNUSED,
- uint8_t *data ATTRIBUTE_UNUSED,
- size_t datalen ATTRIBUTE_UNUSED,
- uint8_t **ciphertext ATTRIBUTE_UNUSED,
- size_t *ciphertextlen ATTRIBUTE_UNUSED)
-{
- virReportError(VIR_ERR_INVALID_ARG,
- _("algorithm=%d is not supported"), algorithm);
- return -1;
-}
-#endif
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 14a994523f..36bff26d33 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1043,10 +1043,8 @@ mymain(void)
DO_TEST("disk-drive-network-sheepdog", NONE);
DO_TEST("disk-drive-network-rbd-auth", NONE);
DO_TEST("disk-drive-network-source-auth", NONE);
-# ifdef WITH_GNUTLS
DO_TEST("disk-drive-network-rbd-auth-AES",
QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_VIRTIO_SCSI);
-# endif
DO_TEST("disk-drive-network-rbd-ipv6", NONE);
DO_TEST_FAILURE("disk-drive-network-rbd-no-colon", NONE);
DO_TEST("disk-drive-network-vxhs", QEMU_CAPS_VXHS);
@@ -1339,17 +1337,10 @@ mymain(void)
if (VIR_STRDUP_QUIET(driver.config->chardevTLSx509secretUUID,
"6fd3f62d-9fe7-4a4e-a869-7acd6376d8ea") < 0)
return EXIT_FAILURE;
-# ifdef WITH_GNUTLS
DO_TEST("serial-tcp-tlsx509-secret-chardev",
QEMU_CAPS_OBJECT_SECRET,
QEMU_CAPS_DEVICE_ISA_SERIAL,
QEMU_CAPS_OBJECT_TLS_CREDS_X509);
-# else
- DO_TEST_FAILURE("serial-tcp-tlsx509-secret-chardev",
- QEMU_CAPS_OBJECT_SECRET,
- QEMU_CAPS_DEVICE_ISA_SERIAL,
- QEMU_CAPS_OBJECT_TLS_CREDS_X509);
-# endif
driver.config->chardevTLS = 0;
VIR_FREE(driver.config->chardevTLSx509certdir);
DO_TEST("serial-many-chardev",
@@ -1653,14 +1644,10 @@ mymain(void)
DO_TEST("encrypted-disk", QEMU_CAPS_QCOW2_LUKS, QEMU_CAPS_OBJECT_SECRET);
DO_TEST("encrypted-disk-usage", QEMU_CAPS_QCOW2_LUKS,
QEMU_CAPS_OBJECT_SECRET);
-# ifdef WITH_GNUTLS
DO_TEST("luks-disks", QEMU_CAPS_OBJECT_SECRET);
DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET);
DO_TEST_PARSE_ERROR("luks-disks-source-qcow2", QEMU_CAPS_OBJECT_SECRET);
DO_TEST("luks-disks-source-qcow2", QEMU_CAPS_OBJECT_SECRET,
QEMU_CAPS_QCOW2_LUKS);
-# else
- DO_TEST_FAILURE("luks-disks", QEMU_CAPS_OBJECT_SECRET);
-# endif
DO_TEST_PARSE_ERROR("luks-disk-invalid", NONE);
DO_TEST_PARSE_ERROR("luks-disks-source-both", QEMU_CAPS_OBJECT_SECRET);
@@ -2351,12 +2338,10 @@ mymain(void)
DO_TEST("hostdev-scsi-virtio-iscsi-auth",
QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_VIRTIO_SCSI,
QEMU_CAPS_DEVICE_SCSI_GENERIC);
-# ifdef WITH_GNUTLS
DO_TEST("disk-hostdev-scsi-virtio-iscsi-auth-AES",
QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_VIRTIO_SCSI,
QEMU_CAPS_DEVICE_SCSI_GENERIC, QEMU_CAPS_OBJECT_SECRET,
QEMU_CAPS_ISCSI_PASSWORD_SECRET);
-# endif
DO_TEST("hostdev-scsi-vhost-scsi-ccw",
QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE_VHOST_SCSI,
QEMU_CAPS_DEVICE_SCSI_GENERIC, QEMU_CAPS_CCW);
diff --git a/tests/vircryptotest.c b/tests/vircryptotest.c
index b6313e73ad..6841d74901 100644
--- a/tests/vircryptotest.c
+++ b/tests/vircryptotest.c
@@ -22,11 +22,10 @@
#include "testutils.h"
-#if WITH_GNUTLS
-# include "vircrypto.h"
-# include "virrandom.h"
+#include "vircrypto.h"
+#include "virrandom.h"
-# define VIR_FROM_THIS VIR_FROM_NONE
+#define VIR_FROM_THIS VIR_FROM_NONE
struct testCryptoHashData {
virCryptoHash hash;
@@ -130,7 +129,7 @@ mymain(void)
0x1b, 0x8c, 0x3f, 0x48,
0x27, 0xae, 0xb6, 0x7a};
-# define VIR_CRYPTO_HASH(h, i, o) \
+#define VIR_CRYPTO_HASH(h, i, o) \
do { \
struct testCryptoHashData data = { \
.hash = h, \
@@ -153,9 +152,9 @@ mymain(void)
VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_MD5, "The quick brown fox",
"a2004f37730b9445670a738fa0fc9ee5");
VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_SHA256, "The quick brown fox",
"5cac4f980fedc3d3f1f99b4be3472c9b30d56523e632d151237ec9309048bda9");
-# undef VIR_CRYPTO_HASH
+#undef VIR_CRYPTO_HASH
-# define VIR_CRYPTO_ENCRYPT(a, n, i, il, c, cl) \
+#define VIR_CRYPTO_ENCRYPT(a, n, i, il, c, cl) \
do { \
struct testCryptoEncryptData data = { \
.algorithm = a, \
@@ -174,19 +173,10 @@ mymain(void)
VIR_CRYPTO_ENCRYPT(VIR_CRYPTO_CIPHER_AES256CBC, "aes265cbc",
secretdata, 7, expected_ciphertext, 16);
-# undef VIR_CRYPTO_ENCRYPT
+#undef VIR_CRYPTO_ENCRYPT
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
/* Forces usage of not so random virRandomBytes */
VIR_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/virrandommock.so")
-#else
-static int
-mymain(void)
-{
- return EXIT_AM_SKIP;
-}
-
-VIR_TEST_MAIN(mymain);
-#endif /* WITH_GNUTLS */
diff --git a/tests/virfilecachetest.c b/tests/virfilecachetest.c
index 44386742e1..82c2286752 100644
--- a/tests/virfilecachetest.c
+++ b/tests/virfilecachetest.c
@@ -21,12 +21,11 @@
#include "testutils.h"
-#if WITH_GNUTLS
-# include "virfile.h"
-# include "virfilecache.h"
+#include "virfile.h"
+#include "virfilecache.h"
-# define VIR_FROM_THIS VIR_FROM_NONE
+#define VIR_FROM_THIS VIR_FROM_NONE
struct _testFileCacheObj {
@@ -214,7 +213,7 @@ mymain(void)
virFileCacheSetPriv(cache, &testPriv);
-# define TEST_RUN(name, newData, expectData, expectSave) \
+#define TEST_RUN(name, newData, expectData, expectSave) \
do { \
testFileCacheData data = { \
cache, name, newData, expectData, expectSave \
@@ -235,12 +234,3 @@ mymain(void)
}
VIR_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/virfilecachemock.so")
-#else
-static int
-mymain(void)
-{
- return EXIT_AM_SKIP;
-}
-
-VIR_TEST_MAIN(mymain);
-#endif /* WITH_GNUTLS */
diff --git a/tests/virnetdaemontest.c b/tests/virnetdaemontest.c
index ef869b16e3..6f4957fc4c 100644
--- a/tests/virnetdaemontest.c
+++ b/tests/virnetdaemontest.c
@@ -117,9 +117,7 @@ testCreateServer(const char *server_name, const char *host, int
family)
NULL,
family,
VIR_NET_SERVER_SERVICE_AUTH_NONE,
-# ifdef WITH_GNUTLS
NULL,
-# endif
true,
5,
2)))
@@ -129,9 +127,7 @@ testCreateServer(const char *server_name, const char *host, int
family)
NULL,
family,
VIR_NET_SERVER_SERVICE_AUTH_POLKIT,
-# ifdef WITH_GNUTLS
NULL,
-# endif
false,
25,
5)))
@@ -152,9 +148,7 @@ testCreateServer(const char *server_name, const char *host, int
family)
VIR_NET_SERVER_SERVICE_AUTH_SASL,
true,
15,
-# ifdef WITH_GNUTLS
NULL,
-# endif
testClientNew,
testClientPreExec,
testClientFree,
@@ -166,9 +160,7 @@ testCreateServer(const char *server_name, const char *host, int
family)
VIR_NET_SERVER_SERVICE_AUTH_POLKIT,
true,
66,
-# ifdef WITH_GNUTLS
NULL,
-# endif
testClientNew,
testClientPreExec,
testClientFree,
diff --git a/tests/virnetserverclienttest.c b/tests/virnetserverclienttest.c
index 1759d76630..3f801902ca 100644
--- a/tests/virnetserverclienttest.c
+++ b/tests/virnetserverclienttest.c
@@ -73,9 +73,7 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED)
sv[0] = -1;
if (!(client = virNetServerClientNew(1, sock, 0, false, 1,
-# ifdef WITH_GNUTLS
NULL,
-# endif
testClientNew,
NULL,
testClientFree,
diff --git a/tests/virrandommock.c b/tests/virrandommock.c
index fd1a61f673..99a55a576a 100644
--- a/tests/virrandommock.c
+++ b/tests/virrandommock.c
@@ -22,6 +22,9 @@
#ifndef WIN32
+# include <stdio.h>
+# include <gnutls/gnutls.h>
+
# include "internal.h"
# include "virstring.h"
# include "virrandom.h"
@@ -50,10 +53,6 @@ int virRandomGenerateWWN(char **wwn,
}
-# ifdef WITH_GNUTLS
-# include <stdio.h>
-# include <gnutls/gnutls.h>
-
static int (*real_gnutls_dh_params_generate2)(gnutls_dh_params_t dparams,
unsigned int bits);
@@ -87,7 +86,6 @@ gnutls_dh_params_generate2(gnutls_dh_params_t dparams,
return gnutls_dh_params_cpy(dparams, params_cache);
}
-# endif
#else /* WIN32 */
/* Can't mock on WIN32 */
#endif
--
2.16.4
4:45 a.m.
New subject: [libvirt] [PATCH 3/3] src: Drop most of #ifdef WITH_GNUTLS
On Tue, Jun 05, 2018 at 10:45:57AM +0200, Michal Privoznik wrote:
Now that GnuTLS is a requirement, we can drop a lot of
conditionally built code. However, not all ifdef-s can go because
we still want libvirt_setuid to build without gnutls.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/locking/lock_daemon.c | 4 ---
src/logging/log_daemon.c | 4 ---
src/lxc/lxc_controller.c | 2 --
src/qemu/qemu_migration_cookie.c | 12 +++-----
src/remote/remote_daemon.c | 23 ---------------
src/remote/remote_daemon_dispatch.c | 2 --
src/rpc/virnetdaemon.h | 4 +--
src/rpc/virnetserver.c | 6 ----
src/rpc/virnetserver.h | 6 +---
src/rpc/virnetserverclient.c | 57 +++----------------------------------
src/rpc/virnetserverclient.h | 8 ------
src/rpc/virnetserverservice.c | 24 ----------------
src/rpc/virnetserverservice.h | 10 -------
src/util/vircrypto.c | 43 ++--------------------------
tests/qemuxml2argvtest.c | 15 ----------
tests/vircryptotest.c | 24 +++++-----------
tests/virfilecachetest.c | 18 +++---------
tests/virnetdaemontest.c | 8 ------
tests/virnetserverclienttest.c | 2 --
tests/virrandommock.c | 8 ++----
20 files changed, 27 insertions(+), 253 deletions(-)
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
4:02 a.m.
On Tue, 2018-06-05 at 10:45 +0200, Michal Privoznik wrote:
I should also mention that surprisingly this breaks travis. This
time,
it's Ubuntu that lacks new enough GnuTLS and not OSX. But after Peter's
patches travis is broken anyway (on GnuTLS).
As mentioned elsewhere, I believe the way to go here is to just
drop Linux builds from Travis CI. They only offer Ubuntu 14.04,
which is not supported as per our support policy[1], but having
it on Travis makes it de-facto supported and holds us back.
We can have Ubuntu 16.04 and 18.04 (actual supported platforms)
builders up and running in no time in the CentOS CI environment,
once we have been assigned more hardware - or at the expense of
overall slower builds to due to overcommittment.
Either way, even taking the performance hit would IMHO be
preferable than keeping 14.04 compatibility around, especially
now that we finally managed to leave RHEL 6 behind.
[1] https://libvirt.org/platforms.html
--
Andrea Bolognani / Red Hat / Virtualization
2362
days inactive
2362
days old
10 comments
4 participants
participants (4)
-
Andrea Bolognani -
Daniel P. Berrangé -
Michal Privoznik -
Peter Krempa