[libvirt] [PATCH 1/3] configure: Require GnuTLS
Daniel P. Berrangé
berrange at redhat.com
Tue Jun 5 09:43:24 UTC 2018
On Tue, Jun 05, 2018 at 10:45:55AM +0200, Michal Privoznik wrote:
> We are building with GnuTLS everywhere because GnuTLS is widely
> available. In addition after recent patches Libvirt relies on
> GnuTLS' PRNG.
This second sentance isn't true AFAIK - we still have fallback
to /dev/urandom - GNUTLS is merely the first choice.
None the less I think its desirable to make GNUTLS mandatory
since it is on all the platforms we care about and I prefer
that we can assume a good crypto impl all the time. This mostly
frees us from worrying about fallback impls which have higher
risk of security problems.
>
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
> configure.ac | 2 --
> m4/virt-gnutls.m4 | 4 ----
> 2 files changed, 6 deletions(-)
>
> diff --git a/configure.ac b/configure.ac
> index 5378e49c0b..e25bf0a6ec 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -216,7 +216,6 @@ fi
> # RPC, we don't need several libraries.
> if test "$with_remote" = "no" ; then
> with_libvirtd=no
> - with_gnutls=no
> with_ssh2=no
> with_sasl=no
> with_libssh=no
> @@ -250,7 +249,6 @@ LIBVIRT_ARG_DBUS
> LIBVIRT_ARG_FIREWALLD
> LIBVIRT_ARG_FUSE
> LIBVIRT_ARG_GLUSTER
> -LIBVIRT_ARG_GNUTLS
> LIBVIRT_ARG_HAL
> LIBVIRT_ARG_LIBPCAP
> LIBVIRT_ARG_LIBSSH
> diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4
> index 426a1a0348..6829ca55cf 100644
> --- a/m4/virt-gnutls.m4
> +++ b/m4/virt-gnutls.m4
> @@ -17,10 +17,6 @@ dnl License along with this library. If not, see
> dnl <http://www.gnu.org/licenses/>.
> dnl
>
> -AC_DEFUN([LIBVIRT_ARG_GNUTLS],[
> - LIBVIRT_ARG_WITH_FEATURE([GNUTLS], [gnutls], [check], [3.2.0])
> -])
> -
> AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[
> LIBVIRT_CHECK_PKG([GNUTLS], [gnutls], [3.2.0])
>
> --
> 2.16.4
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list