[Libguestfs] [PATCH nbdkit] Add ssh plugin using libssh.
Richard W.M. Jones
rjones at redhat.com
Wed Mar 6 16:05:34 UTC 2019
On Wed, Mar 06, 2019 at 09:59:33AM -0600, Eric Blake wrote:
> On 3/6/19 9:40 AM, Richard W.M. Jones wrote:
> > ---
> > plugins/curl/nbdkit-curl-plugin.pod | 22 +-
> > plugins/ssh/nbdkit-ssh-plugin.pod | 150 ++++++++
> > configure.ac | 17 +
> > plugins/ssh/ssh.c | 521 ++++++++++++++++++++++++++++
> > README | 4 +
> > TODO | 10 +-
> > plugins/ssh/Makefile.am | 69 ++++
> > 7 files changed, 779 insertions(+), 14 deletions(-)
>
> > +
> > +=item B<password=>PASSWORD
> > +
> > +Set the password to use when connecting to the remote server.
> > +
> > +Note that passing this on the command line is not secure on shared
> > +machines.
>
> Worth noting that PASSWORD cannot begin with - or +, because of:
>
> > +
> > +=item B<password=->
> > +
> > +Ask for the password (interactively) when nbdkit starts up.
> > +
> > +=item B<password=+>FILENAME
> > +
> > +Read the password from the named file. This is the most secure method
> > +to supply a password, as long as you set the permissions on the file
> > +appropriately.
>
> these?
>
> Is it also worth a way to read the password over an inherited file
> descriptor (including a pipe)?
This is actually a standard bit of blurb which we use on other pages
(probably podwrapper should substitute it). See for example:
https://github.com/libguestfs/nbdkit/blob/master/plugins/curl/nbdkit-curl-plugin.pod#parameters
It could probably be improved as you note.
> > +=head1 AUTHORS
> > +
> > +Richard W.M. Jones
> > +
> > +Parts derived from Pino Toscano’s qemu libssh driver.
>
> Is that a compatible license? Or I guess another way of wording it -
> what is the license of libssh itself? The resulting ssh plugin may
> already require a stronger license than what nbdkit proper allows, but
> the license of the .so plugin being stronger than the license of the .c
> files does not require the same level of care as when the license of one
> .c file prevents refactoring code out from there into a looser licensed
> .c file elsewhere.
The current (libssh2) block/ssh.c has:
* Copyright (C) 2013 Red Hat Inc., Richard W.M. Jones <rjones at redhat.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
The latest version of Pino's patch doesn't change the license so I
suppose he's happy with it:
https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg07267.html
Anyway I think that's compatible?
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
More information about the Libguestfs
mailing list