[libvirt] [PATCH 1/3] configure: Require GnuTLS

Daniel P. Berrangé berrange at redhat.com
Tue Jun 5 09:43:24 UTC 2018 

On Tue, Jun 05, 2018 at 10:45:55AM +0200, Michal Privoznik wrote:
> We are building with GnuTLS everywhere because GnuTLS is widely
> available. In addition after recent patches Libvirt relies on
> GnuTLS' PRNG.

This second sentance isn't true AFAIK - we still have fallback
to /dev/urandom - GNUTLS is merely the first choice.

None the less I think its desirable to make GNUTLS mandatory
since it is on all the platforms we care about and I prefer
that we can assume a good crypto impl all the time. This mostly
frees us from worrying about fallback impls which have higher
risk of security problems.

> 
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>  configure.ac      | 2 --
>  m4/virt-gnutls.m4 | 4 ----
>  2 files changed, 6 deletions(-)
> 
> diff --git a/configure.ac b/configure.ac
> index 5378e49c0b..e25bf0a6ec 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -216,7 +216,6 @@ fi
>  # RPC, we don't need several libraries.
>  if test "$with_remote" = "no" ; then
>    with_libvirtd=no
> -  with_gnutls=no
>    with_ssh2=no
>    with_sasl=no
>    with_libssh=no
> @@ -250,7 +249,6 @@ LIBVIRT_ARG_DBUS
>  LIBVIRT_ARG_FIREWALLD
>  LIBVIRT_ARG_FUSE
>  LIBVIRT_ARG_GLUSTER
> -LIBVIRT_ARG_GNUTLS
>  LIBVIRT_ARG_HAL
>  LIBVIRT_ARG_LIBPCAP
>  LIBVIRT_ARG_LIBSSH
> diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4
> index 426a1a0348..6829ca55cf 100644
> --- a/m4/virt-gnutls.m4
> +++ b/m4/virt-gnutls.m4
> @@ -17,10 +17,6 @@ dnl License along with this library.  If not, see
>  dnl <http://www.gnu.org/licenses/>.
>  dnl
>  
> -AC_DEFUN([LIBVIRT_ARG_GNUTLS],[
> -  LIBVIRT_ARG_WITH_FEATURE([GNUTLS], [gnutls], [check], [3.2.0])
> -])
> -
>  AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[
>    LIBVIRT_CHECK_PKG([GNUTLS], [gnutls], [3.2.0])
>  
> -- 
> 2.16.4
> 
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list