[libvirt] [PATCHv3 1/5] smartcard: add XML support for <smartcard> device

Eric Blake eblake at redhat.com
Mon Jan 31 23:33:46 UTC 2011


On 01/26/2011 11:29 AM, Alon Levy wrote:
> yes, the db is a directory name, treated as normal (can be absolute or relative
> to cwd, I don't check, just feed it to NSS).

From qemu's point of view, it can be relative; but how does a libvirt
user know what directory libvirt will be running in?  Hence in the xml
we might as well enforce that it be absolute, with no loss of
functionality (and gui wrappers around libvirt can use typical file
browser windows to allow relative browsing to locate such a directory).

> It defaults to /etc/pki/nssdb:
> (certutil needs an argument, we have it #defined:
> hw/ccid-card-emulated.c:#define CERTIFICATES_DEFAULT_DB "/etc/pki/nssdb"

Okay, I'll add that same default to libvirt.

>> Should we also have 'database' for the 'host' mode if we need one ?
> Yes, without it the usage of certificates is limited to the default certificate
> store, and if anyone wants to run multiple qemu's with different certificates they
> may want to put them into different dbs. 

Does qemu accept -device ccid-card-emulated,backend=nss-emulated,db=xyz?

That is, if NSS is using a host USB device, then I don't see what the
use is of providing a database directory in that case.

I don't see a need to add a <database> subelement to mode='host' in the
XML right now; we can leave that as a future enhancement to the XML
without affecting this patch.  I'm more worried that this patch does
_not_ include anything that doesn't make sense, than I am about adding
more later if we find we missed something.

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
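
An added example, not part of the original message and not libvirt's or qemu's code: one way to apply the rule discussed above (absolute `<database>` path only, defaulting to `/etc/pki/nssdb`) when producing the `db=` part of a `-device` string. The function name `smartcard_db_option` is hypothetical, and the comma doubling follows qemu's option-string syntax, which the thread does not mention.

```c
#include <stdio.h>
#include <string.h>

/* Default named in the thread (qemu's CERTIFICATES_DEFAULT_DB). */
#define SMARTCARD_DEFAULT_DB "/etc/pki/nssdb"

/*
 * Hypothetical helper: turn the optional <database> value into a
 * "db=..." fragment. Returns 0 on success, -1 if the path is not
 * absolute or the result does not fit in out.
 */
int smartcard_db_option(const char *database, char *out, size_t outlen)
{
    const char *path = database ? database : SMARTCARD_DEFAULT_DB;
    const char *p;
    size_t used;

    /* A relative path would resolve against the daemon's cwd, which
     * the XML author cannot know; an empty string is rejected too. */
    if (path[0] != '/')
        return -1;

    used = (size_t)snprintf(out, outlen, "db=");
    if (used >= outlen)
        return -1;

    for (p = path; *p; p++) {
        size_t need = (*p == ',') ? 2 : 1;
        if (used + need >= outlen)      /* keep room for the NUL */
            return -1;
        /* qemu splits options on ','; a literal comma is written ",,"
         * so a directory name cannot smuggle in extra properties. */
        if (*p == ',')
            out[used++] = ',';
        out[used++] = *p;
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    char buf[128];
    /* Constructed sample inputs. */
    const char *samples[] = { NULL, "nssdb", "/srv/vm1,x/nssdb" };
    for (size_t i = 0; i < 3; i++)
        printf("%s\n", smartcard_db_option(samples[i], buf, sizeof buf) ? "rejected" : buf);
    return 0;
}
```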
