[PATCH 00/12] qemu: Remove code for old insecure secret passing
Ján Tomko
jtomko at redhat.com
Wed Sep 22 12:12:54 UTC 2021
On a Wednesday in 2021, Peter Krempa wrote:
>We are at the point where we can remove all the code to pass secrets
>(RBD/iSCSI authentication passwords) on the commandline in plaintext
>as all supported versions of qemu now support -object secret and the
>corresponding methods to pass the secrets securely.
>
>Peter Krempa (12):
> util: Remove use of virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC)
> qemu: Always assume presence of QEMU_CAPS_OBJECT_SECRET
> qemu: capabilities: Retire QEMU_CAPS_OBJECT_SECRET
> qemu: domain: Remove qemuDomainSupportsEncryptedSecret
> qemu: domain: Always assume QEMU_CAPS_ISCSI_PASSWORD_SECRET
> qemu: capabilities: Retire QEMU_CAPS_ISCSI_PASSWORD_SECRET
> qemu: Remove VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN and associated code
> qemu: command: Remove qemuBuildGeneralSecinfoURI
> qemuBuildSCSIiSCSIHostdevDrvStr: Don't call qemuDiskSourceNeedsProps
> qemu: Simplify qemuDomainSecretInfo
> qemu: domain: Rename secrets setup function
> qemu: command: Remove qemuBuildRBDSecinfoURI
>
> src/libvirt_private.syms | 1 -
> src/qemu/qemu_backup.c | 2 +-
> src/qemu/qemu_block.c | 40 ++-
> src/qemu/qemu_capabilities.c | 6 +-
> src/qemu/qemu_capabilities.h | 4 +-
> src/qemu/qemu_command.c | 184 +++---------
> src/qemu/qemu_domain.c | 274 ++++--------------
[...]
> tests/qemuxml2argvdata/watchdog.args | 1 +
> tests/qemuxml2argvdata/x86-kvm-32-on-64.args | 1 +
> tests/qemuxml2argvtest.c | 23 +-
> tests/vircryptotest.c | 5 -
> 611 files changed, 710 insertions(+), 591 deletions(-)
>
Reviewed-by: Ján Tomko <jtomko at redhat.com>
Jano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20210922/70ece5a1/attachment-0001.sig>
More information about the libvir-list
mailing list