From: Richard Henderson
Subject: [Qemu-commits] [qemu/qemu] e8ad8b: crypto: Remove 'crypto-tls-x509-helpers.h' from cr...
Date: Wed, 24 Jul 2024 16:53:57 -0700
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: e8ad8b9987efdbac4116567e685e6fd8ec28ef48
https://github.com/qemu/qemu/commit/e8ad8b9987efdbac4116567e685e6fd8ec28ef48
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
Date: 2024-07-24 (Wed, 24 Jul 2024)
Changed paths:
M tests/unit/crypto-tls-psk-helpers.c
Log Message:
-----------
crypto: Remove 'crypto-tls-x509-helpers.h' from crypto-tls-psk-helpers.c
crypto-tls-psk-helpers.c doesn't access the declarations
of "crypto-tls-x509-helpers.h", remove the include line
to avoid the following error when building with GNUTLS but without Libtasn1:
In file included from tests/unit/crypto-tls-psk-helpers.c:23:
tests/unit/crypto-tls-x509-helpers.h:26:10: fatal error:
libtasn1.h: No such file or directory
26 | #include <libtasn1.h>
| ^~~~~~~~~~~~
compilation terminated.
Fixes: e1a6dc91dd ("crypto: Implement TLS Pre-Shared Keys (PSK).")
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: 0e9bb8ad4d907d28aea8336d43ae990d87b1c834
https://github.com/qemu/qemu/commit/0e9bb8ad4d907d28aea8336d43ae990d87b1c834
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
Date: 2024-07-24 (Wed, 24 Jul 2024)
Changed paths:
M MAINTAINERS
M tests/qtest/meson.build
M tests/unit/crypto-tls-x509-helpers.c
M tests/unit/crypto-tls-x509-helpers.h
M tests/unit/meson.build
R tests/unit/pkix_asn1_tab.c
A tests/unit/pkix_asn1_tab.c.inc
Log Message:
-----------
crypto: Restrict pkix_asn1_tab[] to crypto-tls-x509-helpers.c
pkix_asn1_tab[] is only accessed by crypto-tls-x509-helpers.c,
rename pkix_asn1_tab.c as pkix_asn1_tab.c.inc and include it once.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[berrange: updated MAINTAINERS for changed filename]
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: dc37d1c56b87c6f4bc354d07791c9e69549e1524
https://github.com/qemu/qemu/commit/dc37d1c56b87c6f4bc354d07791c9e69549e1524
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
Date: 2024-07-24 (Wed, 24 Jul 2024)
Changed paths:
M meson.build
Log Message:
-----------
crypto: Allow building with GnuTLS but without Libtasn1
We only use Libtasn1 in unit tests. As noted in commit d47b83b118
("tests: add migration tests of TLS with x509 credentials"), having
GnuTLS without Libtasn1 is a valid configuration, so do not require
Libtasn1, to avoid:
Dependency gnutls found: YES 3.7.1 (cached)
Run-time dependency libtasn1 found: NO (tried pkgconfig)
../meson.build:1914:10: ERROR: Dependency "libtasn1" not found, tried
pkgconfig
Fixes: ba7ed407e6 ("configure, meson: convert libtasn1 detection to meson")
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: 9263c4173ff5941a8ad1865254131da68d0d7084
https://github.com/qemu/qemu/commit/9263c4173ff5941a8ad1865254131da68d0d7084
Author: Hyman Huang <yong.huang@smartx.com>
Date: 2024-07-24 (Wed, 24 Jul 2024)
Changed paths:
M MAINTAINERS
A docs/devel/crypto.rst
M docs/devel/index-internals.rst
A docs/devel/luks-detached-header.rst
Log Message:
-----------
docs/devel: Add introduction to LUKS volume with detached header
Signed-off-by: Hyman Huang <yong.huang@smartx.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: 581b4cd5f16d618787bd1e292b851c62c2626da0
https://github.com/qemu/qemu/commit/581b4cd5f16d618787bd1e292b851c62c2626da0
Author: Yao Zi <ziyao@disroot.org>
Date: 2024-07-24 (Wed, 24 Jul 2024)
Changed paths:
M meson.build
Log Message:
-----------
meson.build: fix libgcrypt detection on system without libgcrypt-config
libgcrypt has provided a correct pkg-config configuration since 1.9,
in parallel with libgcrypt-config. Since 1.11 it may also stop
installing libgcrypt-config in some scenarios. Use the auto method for
detection of libgcrypt, in which meson will try both pkg-config and
libgcrypt-config.
Auto method for libgcrypt is supported by meson since 0.49.0, which is
higher than the version qemu requires.
Signed-off-by: Yao Zi <ziyao@disroot.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: e818c01ae6e7c54c7019baaf307be59d99ce80b9
https://github.com/qemu/qemu/commit/e818c01ae6e7c54c7019baaf307be59d99ce80b9
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2024-07-24 (Wed, 24 Jul 2024)
Changed paths:
M qapi/crypto.json
Log Message:
-----------
qapi: drop unused QCryptoBlockCreateOptionsLUKS.detached-header
The 'detached-header' field in QCryptoBlockCreateOptionsLUKS
was left over from earlier patch iterations.
Acked-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: 48fc887436ce0fa54debec23219554194a13a6f9
https://github.com/qemu/qemu/commit/48fc887436ce0fa54debec23219554194a13a6f9
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2024-07-24 (Wed, 24 Jul 2024)
Changed paths:
M meson.build
Log Message:
-----------
meson: build chardev trace files when have_block
The QSD depends on chardev code, and is built when have_tools is
true. This means conditionalizing chardev trace on have_system
is wrong, we need have_block which is set to have_system || have_tools.
This latent bug was historically harmless because only the spice
chardev included tracing, which wasn't built in a !have_system
scenario.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: 6ffade7974171b9091b3cdd38a76477fd4f71d8d
https://github.com/qemu/qemu/commit/6ffade7974171b9091b3cdd38a76477fd4f71d8d
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2024-07-24 (Wed, 24 Jul 2024)
Changed paths:
M chardev/char-socket.c
M chardev/trace-events
Log Message:
-----------
chardev: add tracing of socket error conditions
This adds trace points to every error scenario in the chardev socket
backend that can lead to termination of the connection.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: 305233349b471840b00068579d0ab0af50395852
https://github.com/qemu/qemu/commit/305233349b471840b00068579d0ab0af50395852
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2024-07-24 (Wed, 24 Jul 2024)
Changed paths:
M crypto/init.c
Log Message:
-----------
crypto: drop gnutls debug logging support
GNUTLS already supports dynamically enabling its logging at runtime by
setting the env var 'GNUTLS_DEBUG_LEVEL=10', so there is no need to
re-invent this logic in QEMU in a way that requires a re-compile.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: 57941c9c86357a6a642f9ee3279d881df4043b6d
https://github.com/qemu/qemu/commit/57941c9c86357a6a642f9ee3279d881df4043b6d
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2024-07-24 (Wed, 24 Jul 2024)
Changed paths:
M crypto/tlssession.c
M include/crypto/tlssession.h
M io/channel-tls.c
Log Message:
-----------
crypto: push error reporting into TLS session I/O APIs
The current TLS session I/O APIs just return a synthetic errno
value on error, which has been translated from a gnutls error
value. This loses a large amount of valuable information that
distinguishes different scenarios.
Pushing population of the "Error *errp" object into the TLS
session I/O APIs gives more detailed error information.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: 97f7bf113eb50fcdaf0c73aa2ee01e5355abc073
https://github.com/qemu/qemu/commit/97f7bf113eb50fcdaf0c73aa2ee01e5355abc073
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2024-07-24 (Wed, 24 Jul 2024)
Changed paths:
M crypto/tlssession.c
M include/crypto/tlssession.h
M io/channel-tls.c
M tests/unit/test-crypto-tlssession.c
Log Message:
-----------
crypto: propagate errors from TLS session I/O callbacks
GNUTLS doesn't know how to perform I/O on anything other than plain
FDs, so the TLS session provides it with some I/O callbacks. The
GNUTLS API design requires these callbacks to return a unix errno
value, which means we're currently losing the useful QEMU "Error"
object.
This changes the I/O callbacks in QEMU to stash the "Error" object
in the QCryptoTLSSession class, and fetch it when seeing an I/O
error returned from GNUTLS, thus preserving useful error messages.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
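Added example, not QEMU code and not part of either commit: a self-contained C model of the pattern the two TLS session commit messages above describe, where an I/O callback that may only report an errno stashes the detailed error in the session object and the session write API hands it back to the caller. Every demo_* name, the DemoSession struct, the error strings and the stand-in "library" function are hypothetical; no GnuTLS is linked, and the errbuf parameter stands in for QEMU's "Error *errp".

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical session object; it only models the "stash" idea. */
typedef struct {
    char stashed_err[128];  /* detailed error saved by the I/O callback */
    int transport_up;       /* constructed test knob: 0 = peer has gone */
} DemoSession;

/* Constructed error codes for the stand-in library, not GnuTLS values. */
enum { DEMO_LIB_OK = 0, DEMO_LIB_E_PUSH = -1 };

/* I/O callback: the library contract only allows "-1 plus errno". */
static ssize_t demo_push(void *opaque, const void *buf, size_t len)
{
    DemoSession *s = opaque;
    (void)buf;
    if (!s->transport_up) {
        snprintf(s->stashed_err, sizeof(s->stashed_err),
                 "Unable to write to socket: Connection reset by peer");
        errno = EIO;        /* the library only ever sees this value */
        return -1;
    }
    return (ssize_t)len;
}

/* Stand-in for the library's send path: it flattens -1/errno to a code. */
static int demo_lib_send(ssize_t (*push)(void *, const void *, size_t),
                         void *opaque, const void *buf, size_t len)
{
    return push(opaque, buf, len) < 0 ? DEMO_LIB_E_PUSH : DEMO_LIB_OK;
}

/* Session write API: on a library error, report the stashed detail. */
static int demo_session_write(DemoSession *s, const void *buf, size_t len,
                              char *errbuf, size_t errlen)
{
    s->stashed_err[0] = '\0';   /* never report a stale error */
    int rc = demo_lib_send(demo_push, s, buf, len);
    if (rc == DEMO_LIB_OK) {
        return 0;
    }
    snprintf(errbuf, errlen, "Cannot write to TLS channel: %s",
             s->stashed_err[0] ? s->stashed_err : "unknown I/O failure");
    s->stashed_err[0] = '\0';   /* consume it so it is reported once */
    return -1;
}
```

Clearing the stash before the call and again after reporting keeps an error from one operation from being attributed to a later, unrelated failure.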
Commit: 9726687f2fdfe7ae4a3014d78c2b2f639f75e303
https://github.com/qemu/qemu/commit/9726687f2fdfe7ae4a3014d78c2b2f639f75e303
Author: Richard Henderson <richard.henderson@linaro.org>
Date: 2024-07-24 (Wed, 24 Jul 2024)
Changed paths:
M MAINTAINERS
M chardev/char-socket.c
M chardev/trace-events
M crypto/init.c
M crypto/tlssession.c
A docs/devel/crypto.rst
M docs/devel/index-internals.rst
A docs/devel/luks-detached-header.rst
M include/crypto/tlssession.h
M io/channel-tls.c
M meson.build
M qapi/crypto.json
M tests/qtest/meson.build
M tests/unit/crypto-tls-psk-helpers.c
M tests/unit/crypto-tls-x509-helpers.c
M tests/unit/crypto-tls-x509-helpers.h
M tests/unit/meson.build
R tests/unit/pkix_asn1_tab.c
A tests/unit/pkix_asn1_tab.c.inc
M tests/unit/test-crypto-tlssession.c
Log Message:
-----------
Merge tag 'misc-fixes-pull-request' of https://gitlab.com/berrange/qemu into
staging
Crypto patches
* Drop unused 'detached-header' QAPI field from LUKS create options
* Improve tracing of TLS sockets and TLS chardevs
* Improve error messages from TLS I/O failures
* Add docs about use of LUKS detached header options
* Allow building without libtasn1, but with GNUTLS
* Fix detection of libgcrypt when libgcrypt-config is absent
# gpg: Signature made Wed 24 Jul 2024 07:46:29 PM AEST
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
* tag 'misc-fixes-pull-request' of https://gitlab.com/berrange/qemu:
crypto: propagate errors from TLS session I/O callbacks
crypto: push error reporting into TLS session I/O APIs
crypto: drop gnutls debug logging support
chardev: add tracing of socket error conditions
meson: build chardev trace files when have_block
qapi: drop unused QCryptoBlockCreateOptionsLUKS.detached-header
meson.build: fix libgcrypt detection on system without libgcrypt-config
docs/devel: Add introduction to LUKS volume with detached header
crypto: Allow building with GnuTLS but without Libtasn1
crypto: Restrict pkix_asn1_tab[] to crypto-tls-x509-helpers.c
crypto: Remove 'crypto-tls-x509-helpers.h' from crypto-tls-psk-helpers.c
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Compare: https://github.com/qemu/qemu/compare/5fcc25d5e3ce...9726687f2fdf