We are building with GnuTLS everywhere because GnuTLS is widely
available. In addition after recent patches Libvirt relies on
GnuTLS' PRNG.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
configure.ac | 2 --
m4/virt-gnutls.m4 | 4 ----
2 files changed, 6 deletions(-)
diff --git a/configure.ac b/configure.ac
index 5378e49c0b..e25bf0a6ec 100644
--- a/configure.ac
+++ b/configure.ac
@@ -216,7 +216,6 @@ fi
# RPC, we don't need several libraries.
if test "$with_remote" = "no" ; then
with_libvirtd=no
- with_gnutls=no
with_ssh2=no
with_sasl=no
with_libssh=no
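Review bot: removing `with_gnutls=no` from the `--without-remote` shortcut means GnuTLS is now probed (and, per the intent of the change, required) even for a build with no RPC layer, yet the comment just above this list, `# RPC, we don't need several libraries.`, still presents it as the set of RPC-only dependencies and the commit message only says libvirt "relies on GnuTLS' PRNG". Spell out in the commit message that GnuTLS is required regardless of the remote driver, so the reason for this particular deletion is on record.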
@@ -250,7 +249,6 @@ LIBVIRT_ARG_DBUS
LIBVIRT_ARG_FIREWALLD
LIBVIRT_ARG_FUSE
LIBVIRT_ARG_GLUSTER
-LIBVIRT_ARG_GNUTLS
LIBVIRT_ARG_HAL
LIBVIRT_ARG_LIBPCAP
LIBVIRT_ARG_LIBSSH
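Review bot: dropping `LIBVIRT_ARG_GNUTLS` here removes the `--with-gnutls` / `--without-gnutls` configure option, a user-visible interface change that the commit message does not mention; state it there so anyone who passes the option to configure knows it is gone, and grep the tree for remaining uses of the option before merging.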
diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4
index 426a1a0348..6829ca55cf 100644
--- a/m4/virt-gnutls.m4
+++ b/m4/virt-gnutls.m4
@@ -17,10 +17,6 @@ dnl License along with this library. If not, see
dnl <http://www.gnu.org/licenses/>.
dnl
-AC_DEFUN([LIBVIRT_ARG_GNUTLS],[
- LIBVIRT_ARG_WITH_FEATURE([GNUTLS], [gnutls], [check], [3.2.0])
-])
-
AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[
LIBVIRT_CHECK_PKG([GNUTLS], [gnutls], [3.2.0])
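Review bot: after this removal nothing visible in the patch assigns `with_gnutls` before `LIBVIRT_CHECK_PKG([GNUTLS], [gnutls], [3.2.0])` runs, whereas the deleted `LIBVIRT_ARG_WITH_FEATURE([GNUTLS], [gnutls], [check], [3.2.0])` initialised it to the default `check`. Confirm that `LIBVIRT_CHECK_PKG` treats an unset `with_gnutls` as a hard requirement (configure fails when gnutls >= 3.2.0 is absent) rather than as `check` (feature silently disabled); otherwise the patch removes the ability to disable GnuTLS without actually enforcing that it is present.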
--
2.16.4
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Tue, Jun 05, 2018 at 10:45:55AM +0200, Michal Privoznik wrote:
> We are building with GnuTLS everywhere because GnuTLS is widely
> available. In addition after recent patches Libvirt relies on
> GnuTLS' PRNG.

This second sentence isn't true AFAIK - we still have fallback
to /dev/urandom - GNUTLS is merely the first choice.

None the less I think it's desirable to make GNUTLS mandatory
since it is on all the platforms we care about and I prefer
that we can assume a good crypto impl all the time. This mostly
frees us from worrying about fallback impls which have higher
risk of security problems.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
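Daniel's argument above is about what the build system should do when GnuTLS is missing: abort, rather than quietly fall back to something weaker. The shell script below is an added example written for this thread; it is not libvirt's m4/virt-lib.m4 and not code from the patch. It models the three states an autoconf `--with-FEATURE` flag can take (`yes`, `check`, `no`) with a pkg-config probe and shows why a dependency that is meant to be mandatory must not be left in `check` mode. The `PKG_CONFIG` variable, the `check_pkg` and `pkg_present` functions and the `WITH_<NAME>` result variable are this example's own names, not libvirt's.

```shell
#!/bin/sh
# Added example (not libvirt's m4/virt-lib.m4 and not code from this thread):
# a small model of the three states a configure-time --with-FEATURE flag can
# be in, showing the difference between an optional ("check") dependency and
# a mandatory one.
#
# Assumptions: a pkg-config compatible tool named by $PKG_CONFIG that
# supports "--exists PKG" and "--atleast-version VER PKG" (real pkg-config
# does); WITH_<NAME> is this example's stand-in for the conditional the real
# build system would define.

PKG_CONFIG=${PKG_CONFIG:-pkg-config}

# pkg_present NAME VERSION: succeed if NAME >= VERSION is installed.
pkg_present() {
    "$PKG_CONFIG" --exists "$1" 2>/dev/null &&
        "$PKG_CONFIG" --atleast-version "$2" "$1" 2>/dev/null
}

# check_pkg NAME VERSION MODE
#   MODE=yes    mandatory: a missing library is a configure error (returns 2)
#   MODE=check  optional: a missing library just disables the feature (returns 0)
#   MODE=no     never probed; feature disabled (returns 0)
#   MODE=""     no --with flag at all: treated as mandatory, so that deleting
#               the option (as the patch does) can never degrade into "check"
# Sets WITH_<NAME> to 1 or 0. Return code 1 means a usage error.
check_pkg() {
    name=$1
    version=$2
    mode=$3
    var="WITH_$(printf '%s' "$name" | tr '[:lower:]' '[:upper:]' | tr '-' '_')"
    [ -n "$mode" ] || mode=yes

    case "$mode" in
    no)
        eval "$var=0"
        return 0
        ;;
    yes|check)
        if pkg_present "$name" "$version"; then
            eval "$var=1"
            return 0
        fi
        eval "$var=0"
        if [ "$mode" = check ]; then
            # Silent fallback: fine for a truly optional library, and exactly
            # what a mandatory crypto dependency must not do.
            return 0
        fi
        echo "configure: error: $name >= $version is required" >&2
        return 2
        ;;
    *)
        echo "configure: error: unknown value '$mode' for --with-$name" >&2
        return 1
        ;;
    esac
}

# Run with DEMO=1 to probe the real pkg-config on this host for gnutls 3.2.0,
# the version the patch's LIBVIRT_CHECK_PKG call asks for.
if [ "${DEMO-}" = 1 ]; then
    for mode in check yes; do
        if check_pkg gnutls 3.2.0 "$mode"; then
            echo "mode=$mode WITH_GNUTLS=$WITH_GNUTLS"
        else
            echo "mode=$mode configure would abort"
        fi
    done
fi
```

Running it with `DEMO=1 sh check_pkg.sh` probes the host's real pkg-config in both modes: in `check` mode a missing library only yields `WITH_GNUTLS=0` and the build carries on, which is the quiet degradation Daniel wants to rule out, while in `yes` mode (and with no flag at all) configure aborts with an error.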
On 06/05/2018 11:43 AM, Daniel P. Berrangé wrote:
> On Tue, Jun 05, 2018 at 10:45:55AM +0200, Michal Privoznik wrote:
>> We are building with GnuTLS everywhere because GnuTLS is widely
>> available. In addition after recent patches Libvirt relies on
>> GnuTLS' PRNG.
> 
> This second sentence isn't true AFAIK - we still have fallback
> to /dev/urandom - GNUTLS is merely the first choice.

Okay. But after Peter's patches we do rely on GnuTLS more than ever ;-)
I'll reword and resend though.

Michal

> 
> None the less I think it's desirable to make GNUTLS mandatory
> since it is on all the platforms we care about and I prefer
> that we can assume a good crypto impl all the time. This mostly
> frees us from worrying about fallback impls which have higher
> risk of security problems.

Unfortunately not. Both suid and nss libs build with virhash.c which
requires virRandom*(). But this is a bogus dependency and hash tables are
not really used (at least in NSS module, did not bother to check for suid
lib). So we need a stub for virRandom*().

Michal
On Tue, Jun 05, 2018 at 13:17:46 +0200, Michal Privoznik wrote:
> On 06/05/2018 11:43 AM, Daniel P. Berrangé wrote:
> > On Tue, Jun 05, 2018 at 10:45:55AM +0200, Michal Privoznik wrote:
> >> We are building with GnuTLS everywhere because GnuTLS is widely
> >> available. In addition after recent patches Libvirt relies on
> >> GnuTLS' PRNG.
> > 
> > This second sentence isn't true AFAIK - we still have fallback
> > to /dev/urandom - GNUTLS is merely the first choice.
> 
> Okay. But after Peter's patches we do rely on GnuTLS more than ever ;-)
> I'll reword and resend though.

Not really. I just consolidated some code paths so now we actually check
that gnutls is present for disks with secret. It would hit the error in a
different place otherwise, this just broke the testsuite.

A naive fix would be to disable those tests when gnutls is not present,
but if we are going to make it always present it seems a waste of effort.