3:45 p.m.
https://bugzilla.redhat.com/show_bug.cgi?id=951637
Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
regarding initialization. Yet we were unconditionally initializing
gcrypt even when gnutls wouldn't be using it, and having two crypto
libraries linked into libvirt.so is pointless, but mostly harmless
(it doesn't crash, but does interfere with certification efforts).
There are three distinct version ranges to worry about when
determining which crypto lib gnutls uses, per these gnutls mails:
2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html
If pkg-config can prove version numbers and/or list the crypto
library used for static linking, we have our proof; if not, it
is safer (even if pointless) to continue to use gcrypt ourselves.
* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
define a witness WITH_GNUTLS_GCRYPT.
* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
(virGlobalInit): Honor the witness.
* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
no longer needed in Fedora 19.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
v3: configure logic is enhanced to try harder to get the
right answer for gentoo. I tested with Fedora 19 and RHEL 6,
but need feedback from a gentoo tester before this can go in.
configure.ac | 37 ++++++++++++++++++++++++++++++-------
libvirt.spec.in | 2 ++
src/libvirt.c | 10 ++++++----
3 files changed, 38 insertions(+), 11 deletions(-)
diff --git a/configure.ac b/configure.ac
index 1817126..e3d148c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1076,12 +1076,26 @@ if test "x$with_gnutls" != "xno"; then
LIBS="$LIBS $GNUTLS_LIBS"
GNUTLS_FOUND=no
+ GNUTLS_GCRYPT=unknown
if test -x "$PKG_CONFIG" ; then
+ dnl Triple probe: gnutls < 2.12 only used gcrypt, gnutls >= 3.0 uses
+ dnl only nettle, and versions in between had a configure option.
+ dnl Our goal is to avoid gcrypt if we can prove gnutls uses nettle,
+ dnl but it is a safe fallback to use gcrypt if we can't prove anything.
+ if $PKG_CONFIG --exists 'gnutls >= 3.0'; then
+ GNUTLS_GCRYPT=no
+ elif $PKG_CONFIG --exists 'gnutls >= 2.12'; then
+ GNUTLS_GCRYPT=probe
+ else
+ GNUTLS_GCRYPT=yes
+ fi
PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
[GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
fi
if test "$GNUTLS_FOUND" = "no"; then
+ dnl pkg-config couldn't help us, assume gcrypt is necessary
fail=0
+ GNUTLS_GCRYPT=yes
AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
@@ -1098,13 +1112,22 @@ if test "x$with_gnutls" != "xno"; then
AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run
libvirt])
fi
else
- dnl Not all versions of gnutls include -lgcrypt, and so we add
- dnl it explicitly for the calls to gcry_control/check_version
- GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
-
- dnl We're not using gcrypt deprecated features so define
- dnl GCRYPT_NO_DEPRECATED to avoid deprecated warnings
- GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DGCRYPT_NO_DEPRECATED"
+ dnl See comments above about when to use gcrypt.
+ if test "$GNUTLS_GCRYPT" = probe; then
+ case `$PKG_CONFIG --libs --static gnutls` in
+ *gcrypt*) GNUTLS_GCRYPT=yes ;;
+ *nettle*) GNUTLS_GCRYPT=no ;;
+ *) GNUTLS_GCRYPT=unknown ;;
+ esac
+ fi
+ if test "$GNUTLS_GCRYPT" = yes || test "$GNUTLS_GCRYPT" =
unknown; then
+ GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
+ dnl We're not using gcrypt deprecated features so define
+ dnl GCRYPT_NO_DEPRECATED to avoid deprecated warnings
+ GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DGCRYPT_NO_DEPRECATED"
+ AC_DEFINE_UNQUOTED([WITH_GNUTLS_GCRYPT], 1,
+ [set to 1 if it is known or assumed that GNUTLS uses gcrypt])
+ fi
dnl gnutls 3.x moved some declarations to a new header
AC_CHECK_HEADERS([gnutls/crypto.h], [], [], [[
diff --git a/libvirt.spec.in b/libvirt.spec.in
index fce7f91..7fd3c85 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -438,7 +438,9 @@ BuildRequires: readline-devel
BuildRequires: ncurses-devel
BuildRequires: gettext
BuildRequires: libtasn1-devel
+%if (0%{?rhel} && 0%{?rhel} < 7) || (0%{?fedora} && 0%{?fedora} <
19)
BuildRequires: libgcrypt-devel
+%endif
BuildRequires: gnutls-devel
BuildRequires: libattr-devel
%if %{with_libvirtd}
diff --git a/src/libvirt.c b/src/libvirt.c
index 8157488..66e8248 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -55,7 +55,9 @@
#include "intprops.h"
#include "virconf.h"
#if WITH_GNUTLS
-# include <gcrypt.h>
+# if WITH_GNUTLS_GCRYPT
+# include <gcrypt.h>
+# endif
# include "rpc/virnettlscontext.h"
#endif
#include "vircommand.h"
@@ -270,7 +272,7 @@ winsock_init(void)
#endif
-#ifdef WITH_GNUTLS
+#ifdef WITH_GNUTLS_GCRYPT
static int virTLSMutexInit(void **priv)
{
virMutexPtr lock = NULL;
@@ -323,7 +325,7 @@ static struct gcry_thread_cbs virTLSThreadImpl = {
virTLSMutexUnlock,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
-#endif
+#endif /* WITH_GNUTLS_GCRYPT */
/* Helper macros to implement VIR_DOMAIN_DEBUG using just C99. This
* assumes you pass fewer than 15 arguments to VIR_DOMAIN_DEBUG, but
@@ -407,7 +409,7 @@ virGlobalInit(void)
virErrorInitialize() < 0)
goto error;
-#ifdef WITH_GNUTLS
+#ifdef WITH_GNUTLS_GCRYPT
/*
* This sequence of API calls it copied exactly from
* gnutls 2.12.23 source lib/gcrypt/init.c, with
--
1.7.1
12:39 p.m.
ping
On 07/30/2013 02:45 PM, Eric Blake wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=951637
Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
regarding initialization. Yet we were unconditionally initializing
gcrypt even when gnutls wouldn't be using it, and having two crypto
libraries linked into libvirt.so is pointless, but mostly harmless
(it doesn't crash, but does interfere with certification efforts).
There are three distinct version ranges to worry about when
determining which crypto lib gnutls uses, per these gnutls mails:
2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html
If pkg-config can prove version numbers and/or list the crypto
library used for static linking, we have our proof; if not, it
is safer (even if pointless) to continue to use gcrypt ourselves.
* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
define a witness WITH_GNUTLS_GCRYPT.
* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
(virGlobalInit): Honor the witness.
* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
no longer needed in Fedora 19.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
v3: configure logic is enhanced to try harder to get the
right answer for gentoo. I tested with Fedora 19 and RHEL 6,
but need feedback from a gentoo tester before this can go in.
configure.ac | 37 ++++++++++++++++++++++++++++++-------
libvirt.spec.in | 2 ++
src/libvirt.c | 10 ++++++----
3 files changed, 38 insertions(+), 11 deletions(-)
diff --git a/configure.ac b/configure.ac
index 1817126..e3d148c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1076,12 +1076,26 @@ if test "x$with_gnutls" != "xno"; then
LIBS="$LIBS $GNUTLS_LIBS"
GNUTLS_FOUND=no
+ GNUTLS_GCRYPT=unknown
if test -x "$PKG_CONFIG" ; then
+ dnl Triple probe: gnutls < 2.12 only used gcrypt, gnutls >= 3.0 uses
+ dnl only nettle, and versions in between had a configure option.
+ dnl Our goal is to avoid gcrypt if we can prove gnutls uses nettle,
+ dnl but it is a safe fallback to use gcrypt if we can't prove anything.
+ if $PKG_CONFIG --exists 'gnutls >= 3.0'; then
+ GNUTLS_GCRYPT=no
+ elif $PKG_CONFIG --exists 'gnutls >= 2.12'; then
+ GNUTLS_GCRYPT=probe
+ else
+ GNUTLS_GCRYPT=yes
+ fi
PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
[GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
fi
if test "$GNUTLS_FOUND" = "no"; then
+ dnl pkg-config couldn't help us, assume gcrypt is necessary
fail=0
+ GNUTLS_GCRYPT=yes
AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
@@ -1098,13 +1112,22 @@ if test "x$with_gnutls" != "xno"; then
AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run
libvirt])
fi
else
- dnl Not all versions of gnutls include -lgcrypt, and so we add
- dnl it explicitly for the calls to gcry_control/check_version
- GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
-
- dnl We're not using gcrypt deprecated features so define
- dnl GCRYPT_NO_DEPRECATED to avoid deprecated warnings
- GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DGCRYPT_NO_DEPRECATED"
+ dnl See comments above about when to use gcrypt.
+ if test "$GNUTLS_GCRYPT" = probe; then
+ case `$PKG_CONFIG --libs --static gnutls` in
+ *gcrypt*) GNUTLS_GCRYPT=yes ;;
+ *nettle*) GNUTLS_GCRYPT=no ;;
+ *) GNUTLS_GCRYPT=unknown ;;
+ esac
+ fi
+ if test "$GNUTLS_GCRYPT" = yes || test "$GNUTLS_GCRYPT" =
unknown; then
+ GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
+ dnl We're not using gcrypt deprecated features so define
+ dnl GCRYPT_NO_DEPRECATED to avoid deprecated warnings
+ GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DGCRYPT_NO_DEPRECATED"
+ AC_DEFINE_UNQUOTED([WITH_GNUTLS_GCRYPT], 1,
+ [set to 1 if it is known or assumed that GNUTLS uses gcrypt])
+ fi
dnl gnutls 3.x moved some declarations to a new header
AC_CHECK_HEADERS([gnutls/crypto.h], [], [], [[
diff --git a/libvirt.spec.in b/libvirt.spec.in
index fce7f91..7fd3c85 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -438,7 +438,9 @@ BuildRequires: readline-devel
BuildRequires: ncurses-devel
BuildRequires: gettext
BuildRequires: libtasn1-devel
+%if (0%{?rhel} && 0%{?rhel} < 7) || (0%{?fedora} && 0%{?fedora} <
19)
BuildRequires: libgcrypt-devel
+%endif
BuildRequires: gnutls-devel
BuildRequires: libattr-devel
%if %{with_libvirtd}
diff --git a/src/libvirt.c b/src/libvirt.c
index 8157488..66e8248 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -55,7 +55,9 @@
#include "intprops.h"
#include "virconf.h"
#if WITH_GNUTLS
-# include <gcrypt.h>
+# if WITH_GNUTLS_GCRYPT
+# include <gcrypt.h>
+# endif
# include "rpc/virnettlscontext.h"
#endif
#include "vircommand.h"
@@ -270,7 +272,7 @@ winsock_init(void)
#endif
-#ifdef WITH_GNUTLS
+#ifdef WITH_GNUTLS_GCRYPT
static int virTLSMutexInit(void **priv)
{
virMutexPtr lock = NULL;
@@ -323,7 +325,7 @@ static struct gcry_thread_cbs virTLSThreadImpl = {
virTLSMutexUnlock,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
-#endif
+#endif /* WITH_GNUTLS_GCRYPT */
/* Helper macros to implement VIR_DOMAIN_DEBUG using just C99. This
* assumes you pass fewer than 15 arguments to VIR_DOMAIN_DEBUG, but
@@ -407,7 +409,7 @@ virGlobalInit(void)
virErrorInitialize() < 0)
goto error;
-#ifdef WITH_GNUTLS
+#ifdef WITH_GNUTLS_GCRYPT
/*
* This sequence of API calls it copied exactly from
* gnutls 2.12.23 source lib/gcrypt/init.c, with
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
8:29 a.m.
On Tue, Jul 30, 2013 at 3:45 PM, Eric Blake <eblake(a)redhat.com> wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=951637
Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
regarding initialization. Yet we were unconditionally initializing
gcrypt even when gnutls wouldn't be using it, and having two crypto
libraries linked into libvirt.so is pointless, but mostly harmless
(it doesn't crash, but does interfere with certification efforts).
There are three distinct version ranges to worry about when
determining which crypto lib gnutls uses, per these gnutls mails:
2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html
If pkg-config can prove version numbers and/or list the crypto
library used for static linking, we have our proof; if not, it
is safer (even if pointless) to continue to use gcrypt ourselves.
* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
define a witness WITH_GNUTLS_GCRYPT.
* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
(virGlobalInit): Honor the witness.
* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
no longer needed in Fedora 19.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
v3: configure logic is enhanced to try harder to get the
right answer for gentoo. I tested with Fedora 19 and RHEL 6,
but need feedback from a gentoo tester before this can go in.
configure.ac | 37 ++++++++++++++++++++++++++++++-------
libvirt.spec.in | 2 ++
src/libvirt.c | 10 ++++++----
3 files changed, 38 insertions(+), 11 deletions(-)
diff --git a/configure.ac b/configure.ac
index 1817126..e3d148c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1076,12 +1076,26 @@ if test "x$with_gnutls" != "xno"; then
LIBS="$LIBS $GNUTLS_LIBS"
GNUTLS_FOUND=no
+ GNUTLS_GCRYPT=unknown
if test -x "$PKG_CONFIG" ; then
+ dnl Triple probe: gnutls < 2.12 only used gcrypt, gnutls >= 3.0 uses
+ dnl only nettle, and versions in between had a configure option.
+ dnl Our goal is to avoid gcrypt if we can prove gnutls uses nettle,
+ dnl but it is a safe fallback to use gcrypt if we can't prove anything.
+ if $PKG_CONFIG --exists 'gnutls >= 3.0'; then
+ GNUTLS_GCRYPT=no
+ elif $PKG_CONFIG --exists 'gnutls >= 2.12'; then
+ GNUTLS_GCRYPT=probe
+ else
+ GNUTLS_GCRYPT=yes
+ fi
PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
[GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
fi
if test "$GNUTLS_FOUND" = "no"; then
+ dnl pkg-config couldn't help us, assume gcrypt is necessary
fail=0
+ GNUTLS_GCRYPT=yes
AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
@@ -1098,13 +1112,22 @@ if test "x$with_gnutls" != "xno"; then
AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run
libvirt])
fi
else
- dnl Not all versions of gnutls include -lgcrypt, and so we add
- dnl it explicitly for the calls to gcry_control/check_version
- GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
-
- dnl We're not using gcrypt deprecated features so define
- dnl GCRYPT_NO_DEPRECATED to avoid deprecated warnings
- GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DGCRYPT_NO_DEPRECATED"
+ dnl See comments above about when to use gcrypt.
+ if test "$GNUTLS_GCRYPT" = probe; then
+ case `$PKG_CONFIG --libs --static gnutls` in
+ *gcrypt*) GNUTLS_GCRYPT=yes ;;
+ *nettle*) GNUTLS_GCRYPT=no ;;
+ *) GNUTLS_GCRYPT=unknown ;;
+ esac
+ fi
+ if test "$GNUTLS_GCRYPT" = yes || test "$GNUTLS_GCRYPT" =
unknown; then
+ GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
+ dnl We're not using gcrypt deprecated features so define
+ dnl GCRYPT_NO_DEPRECATED to avoid deprecated warnings
+ GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DGCRYPT_NO_DEPRECATED"
+ AC_DEFINE_UNQUOTED([WITH_GNUTLS_GCRYPT], 1,
+ [set to 1 if it is known or assumed that GNUTLS uses gcrypt])
+ fi
dnl gnutls 3.x moved some declarations to a new header
AC_CHECK_HEADERS([gnutls/crypto.h], [], [], [[
diff --git a/libvirt.spec.in b/libvirt.spec.in
index fce7f91..7fd3c85 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -438,7 +438,9 @@ BuildRequires: readline-devel
BuildRequires: ncurses-devel
BuildRequires: gettext
BuildRequires: libtasn1-devel
+%if (0%{?rhel} && 0%{?rhel} < 7) || (0%{?fedora} && 0%{?fedora} <
19)
BuildRequires: libgcrypt-devel
+%endif
BuildRequires: gnutls-devel
BuildRequires: libattr-devel
%if %{with_libvirtd}
diff --git a/src/libvirt.c b/src/libvirt.c
index 8157488..66e8248 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -55,7 +55,9 @@
#include "intprops.h"
#include "virconf.h"
#if WITH_GNUTLS
-# include <gcrypt.h>
+# if WITH_GNUTLS_GCRYPT
+# include <gcrypt.h>
+# endif
# include "rpc/virnettlscontext.h"
#endif
#include "vircommand.h"
@@ -270,7 +272,7 @@ winsock_init(void)
#endif
-#ifdef WITH_GNUTLS
+#ifdef WITH_GNUTLS_GCRYPT
static int virTLSMutexInit(void **priv)
{
virMutexPtr lock = NULL;
@@ -323,7 +325,7 @@ static struct gcry_thread_cbs virTLSThreadImpl = {
virTLSMutexUnlock,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
-#endif
+#endif /* WITH_GNUTLS_GCRYPT */
/* Helper macros to implement VIR_DOMAIN_DEBUG using just C99. This
* assumes you pass fewer than 15 arguments to VIR_DOMAIN_DEBUG, but
@@ -407,7 +409,7 @@ virGlobalInit(void)
virErrorInitialize() < 0)
goto error;
-#ifdef WITH_GNUTLS
+#ifdef WITH_GNUTLS_GCRYPT
/*
* This sequence of API calls it copied exactly from
* gnutls 2.12.23 source lib/gcrypt/init.c, with
--
1.7.1
I can ACK this by visual code inspection. I haven't explicitly tested
this patch but its a cleaned up version of the patch we previously
discussed it. If you need me to test it, I can do that tonight.
--
Doug Goldstein
9:15 a.m.
On 08/07/2013 07:29 AM, Doug Goldstein wrote:
On Tue, Jul 30, 2013 at 3:45 PM, Eric Blake <eblake(a)redhat.com>
wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=951637
>
> Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
> regarding initialization. Yet we were unconditionally initializing
> gcrypt even when gnutls wouldn't be using it, and having two crypto
> libraries linked into libvirt.so is pointless, but mostly harmless
> (it doesn't crash, but does interfere with certification efforts).
>
>
> v3: configure logic is enhanced to try harder to get the
> right answer for gentoo. I tested with Fedora 19 and RHEL 6,
> but need feedback from a gentoo tester before this can go in.
>
I can ACK this by visual code inspection. I haven't explicitly tested
this patch but its a cleaned up version of the patch we previously
discussed it. If you need me to test it, I can do that tonight.
I'd feel better with an explicit test; we're in no rush, so I'll wait
for your test results on gentoo.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
10:31 a.m.
On 08/07/2013 08:15 AM, Eric Blake wrote:
On 08/07/2013 07:29 AM, Doug Goldstein wrote:
> On Tue, Jul 30, 2013 at 3:45 PM, Eric Blake <eblake(a)redhat.com> wrote:
>> https://bugzilla.redhat.com/show_bug.cgi?id=951637
>>
>> Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
>> regarding initialization. Yet we were unconditionally initializing
>> gcrypt even when gnutls wouldn't be using it, and having two crypto
>> libraries linked into libvirt.so is pointless, but mostly harmless
>> (it doesn't crash, but does interfere with certification efforts).
>>
>>
>> v3: configure logic is enhanced to try harder to get the
>> right answer for gentoo. I tested with Fedora 19 and RHEL 6,
>> but need feedback from a gentoo tester before this can go in.
>>
>
> I can ACK this by visual code inspection. I haven't explicitly tested
> this patch but its a cleaned up version of the patch we previously
> discussed it. If you need me to test it, I can do that tonight.
I'd feel better with an explicit test; we're in no rush, so I'll wait
for your test results on gentoo.
Did you ever re-run this?
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
10:39 a.m.
On Fri, Aug 09, 2013 at 09:31:39AM -0600, Eric Blake wrote:
On 08/07/2013 08:15 AM, Eric Blake wrote:
> On 08/07/2013 07:29 AM, Doug Goldstein wrote:
>> On Tue, Jul 30, 2013 at 3:45 PM, Eric Blake <eblake(a)redhat.com> wrote:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=951637
>>>
>>> Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
>>> regarding initialization. Yet we were unconditionally initializing
>>> gcrypt even when gnutls wouldn't be using it, and having two crypto
>>> libraries linked into libvirt.so is pointless, but mostly harmless
>>> (it doesn't crash, but does interfere with certification efforts).
>>>
>
>>>
>>> v3: configure logic is enhanced to try harder to get the
>>> right answer for gentoo. I tested with Fedora 19 and RHEL 6,
>>> but need feedback from a gentoo tester before this can go in.
>>>
>
>>
>> I can ACK this by visual code inspection. I haven't explicitly tested
>> this patch but its a cleaned up version of the patch we previously
>> discussed it. If you need me to test it, I can do that tonight.
>
> I'd feel better with an explicit test; we're in no rush, so I'll wait
> for your test results on gentoo.
Did you ever re-run this?
ACK from my tests on F19.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
11:20 p.m.
On Fri, Aug 9, 2013 at 10:31 AM, Eric Blake <eblake(a)redhat.com> wrote:
On 08/07/2013 08:15 AM, Eric Blake wrote:
> On 08/07/2013 07:29 AM, Doug Goldstein wrote:
>> On Tue, Jul 30, 2013 at 3:45 PM, Eric Blake <eblake(a)redhat.com> wrote:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=951637
>>>
>>> Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
>>> regarding initialization. Yet we were unconditionally initializing
>>> gcrypt even when gnutls wouldn't be using it, and having two crypto
>>> libraries linked into libvirt.so is pointless, but mostly harmless
>>> (it doesn't crash, but does interfere with certification efforts).
>>>
>
>>>
>>> v3: configure logic is enhanced to try harder to get the
>>> right answer for gentoo. I tested with Fedora 19 and RHEL 6,
>>> but need feedback from a gentoo tester before this can go in.
>>>
>
>>
>> I can ACK this by visual code inspection. I haven't explicitly tested
>> this patch but its a cleaned up version of the patch we previously
>> discussed it. If you need me to test it, I can do that tonight.
>
> I'd feel better with an explicit test; we're in no rush, so I'll wait
> for your test results on gentoo.
Did you ever re-run this?
Sorry completely forgot. I just did and it worked great. So ACK.
--
Doug Goldstein
11 a.m.
On 08/09/2013 10:20 PM, Doug Goldstein wrote:
>>>
>>> I can ACK this by visual code inspection. I haven't explicitly tested
>>> this patch but its a cleaned up version of the patch we previously
>>> discussed it. If you need me to test it, I can do that tonight.
>>
>> I'd feel better with an explicit test; we're in no rush, so I'll
wait
>> for your test results on gentoo.
>
> Did you ever re-run this?
Sorry completely forgot. I just did and it worked great. So ACK.
Thanks; pushed now.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
4119
days inactive
4132
days old
7 comments
3 participants
participants (3)
-
Daniel P. Berrange -
Doug Goldstein -
Eric Blake