[libvirt] [PATCH 1/2] configure: move gnutls check into virt-gnutls.m4

Pavel Hrdina phrdina at redhat.com
Thu Dec 22 09:30:01 UTC 2016


On Wed, Dec 21, 2016 at 06:34:05PM -0500, John Ferlan wrote:
> 
> 
> On 10/24/2016 04:40 AM, Pavel Hrdina wrote:
> > Signed-off-by: Pavel Hrdina <phrdina at redhat.com>
> > ---
> >  configure.ac      | 109 +-----------------------------------------------------
> >  m4/virt-gnutls.m4 |  64 ++++++++++++++++++++++++++++++++
> >  2 files changed, 66 insertions(+), 107 deletions(-)
> >  create mode 100644 m4/virt-gnutls.m4
> > 
> 
> I'm not quite sure what, but something in this change has broken
> encrypted secret capabilities as the following API is not always
> returning false...
> 
> bool
> virCryptoHaveCipher(virCryptoCipher algorithm)
> {
>     switch (algorithm) {
> 
>     case VIR_CRYPTO_CIPHER_AES256CBC:
> 
> #ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
>     return true;
> #else
>     return false;
> #endif
> 
> ...
> 
> Of course the virCryptoEncryptDataAESgnutls is also undefined.
> 
> In order to work around short term, if I use HAVE_GNUTLS_CRYPTO_H I can
> at least get the API needed.
> 
> Just so you know I have a customer case which I'm trying to
> resolve/debug that's impacted by this (naturally)!
> 
> 
> I "hand bisected" back to
> 
> $ git co c290f216c47afbd4f3d1e082cdb98181675cd31e
> $ ./autogen.sh --system
> <lots of gnarly warnings about this omitted>
> 
> $ grep HAVE_GNUTLS config.log
> | #define HAVE_GNUTLS_CRYPTO_H 1
> | #define HAVE_GNUTLS_RND 1
> | #define HAVE_GNUTLS_CIPHER_ENCRYPT 1
> | #define HAVE_GNUTLS_CRYPTO_H 1
> ...
> #define HAVE_GNUTLS_CRYPTO_H 1
> #define HAVE_GNUTLS_RND 1
> #define HAVE_GNUTLS_CIPHER_ENCRYPT 1
> ...
> 
> $ git co 680d2f49dad425395de627a31006cb84848cfa65
> $ ./autogen.sh --system
> <lots of stuff omitted>
> 
> $ grep HAVE_GNUTLS config.log
> | #define HAVE_GNUTLS_CRYPTO_H 1
> ...
> #define HAVE_GNUTLS_CRYPTO_H 1
> ...
> $
> 
> Note there's no HAVE_GNUTLS_CIPHER_ENCRYPT or HAVE_GNUTLS_RND.
> 
> 
> Doing the similar process for some followup patches that seemed to be
> related produced the same results.
> 
> $ git co 0c62ccf927c60c9c248db52a23670ec2f9bce2b2
> $ git co a55fdc3f251ab1800050505ac1e6158ee7535402
> $ git co 943ddcb71205524fe2a34ca7a9b6cb3744a07555
> 
> 
> Ironically the test for whether this functionality exists uses SKIP so
> as to not cause failures for environments without the gnutls_cipher_encrypt

Hi John,

nice job with the analysis.  The issue is with usage of AC_CHECK_FUNC and
AC_CHECK_FUNCS.  I'll send a patch shortly.

Pavel
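
The by-hand comparison of `grep HAVE_GNUTLS config.log` between two commits, automated as an added example that is not part of the original thread or of libvirt. The function names `defined_macros` and `lost_macros` are hypothetical, and the sample logs are constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): list the feature macros that one
# configure run defined and a later one did not.

# Print the unique macro names starting with prefix $2 defined in config.log $1.
# config.log shows each define twice: as "| #define X 1" in dumped test
# programs and as "#define X 1" in the final confdefs.h section.
defined_macros() {
    awk -v prefix="$2" '
        { sub(/^[|] /, "") }
        $1 == "#define" && index($2, prefix) == 1 { print $2 }
    ' "$1" | sort -u
}

# Print macros with prefix $3 present in log $1 (known good) but absent in log $2.
lost_macros() {
    good=$(mktemp) && cand=$(mktemp) || return 2
    defined_macros "$1" "$3" > "$good"
    defined_macros "$2" "$3" > "$cand"
    comm -23 "$good" "$cand"
    rm -f "$good" "$cand"
}

# Constructed sample logs, reduced to the lines quoted in the thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.log" <<'EOF'
| #define HAVE_GNUTLS_CRYPTO_H 1
| #define HAVE_GNUTLS_RND 1
| #define HAVE_GNUTLS_CIPHER_ENCRYPT 1
#define HAVE_GNUTLS_CRYPTO_H 1
#define HAVE_GNUTLS_RND 1
#define HAVE_GNUTLS_CIPHER_ENCRYPT 1
EOF
cat > "$demo_dir/bad.log" <<'EOF'
| #define HAVE_GNUTLS_CRYPTO_H 1
#define HAVE_GNUTLS_CRYPTO_H 1
EOF

missing=$(lost_macros "$demo_dir/good.log" "$demo_dir/bad.log" HAVE_GNUTLS)
if [ -n "$missing" ]; then
    echo "configure no longer defines:"
    echo "$missing"
fi
rm -rf "$demo_dir"
```

Run against the config.log of a known-good build and a candidate build, a non-empty result flags a crypto feature that would be compiled out without any build error.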