From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH v2 1/2] qemuxml2argvtest: Sanitize testing of '-enable-fips'
Date: Wed, 21 Oct 2020 10:35:26 +0200
Message-Id: <3008d586b7cbf171503daa663d7f9742645835f0.1603269117.git.pkrempa@redhat.com>

Rename 'FLAG_FIPS' to 'FLAG_FIPS_HOST' to signify that we are simulating a host supporting fips mode and use the flag to assert 'enableFips' argument of 'qemuProcessCreatePretendCmdBuild' rather than passing it via QEMU_CAPS_ENABLE_FIPS.

This prepares the testsuite for testing of -enable-fips deprecation in qemu-5.2.

Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé
---
 tests/qemuxml2argvdata/fips-enabled.args | 31 --------------
 .../fips-enabled.x86_64-5.1.0.args | 40 ++++++++++++++++++
 .../fips-enabled.x86_64-latest.args | 41 +++++++++++++++++++
 tests/qemuxml2argvtest.c | 11 +++--
 tests/testutilsqemu.h | 2 +-
 5 files changed, 87 insertions(+), 38 deletions(-)
 delete mode 100644 tests/qemuxml2argvdata/fips-enabled.args
 create mode 100644 tests/qemuxml2argvdata/fips-enabled.x86_64-5.1.0.args
 create mode 100644 tests/qemuxml2argvdata/fips-enabled.x86_64-latest.args
diff --git a/tests/qemuxml2argvdata/fips-enabled.args b/tests/qemuxml2argvd= ata/fips-enabled.args deleted file mode 100644 index 91b32bd96c..0000000000 --- a/tests/qemuxml2argvdata/fips-enabled.args +++ /dev/null @@ -1,31 +0,0 @@ -LC_ALL=3DC \ -PATH=3D/bin \ -HOME=3D/tmp/lib/domain--1-QEMUGuest1 \ -USER=3Dtest \ -LOGNAME=3Dtest \ -XDG_DATA_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.local/share \ -XDG_CACHE_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.cache \ -XDG_CONFIG_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.config \ -QEMU_AUDIO_DRV=3Dnone \ -/usr/bin/qemu-system-i386 \ --name QEMUGuest1 \ --S \ --enable-fips \ --machine pc,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \ --m 214 \ --realtime mlock=3Doff \ --smp 1,sockets=3D1,cores=3D1,threads=3D1 \ --uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ --display none \ --no-user-config \ --nodefaults \ --chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest1/moni= tor.sock,\ -server,nowait \ --mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ --rtc base=3Dutc \ --no-shutdown \ --no-acpi \ --usb \ --drive file=3D/dev/HostVG/QEMUGuest1,format=3Draw,if=3Dnone,id=3Ddrive-ide= 0-0-0 \ --device ide-hd,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-0,b= ootindex=3D1 \ --device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x3 diff --git a/tests/qemuxml2argvdata/fips-enabled.x86_64-5.1.0.args b/tests/= qemuxml2argvdata/fips-enabled.x86_64-5.1.0.args new file mode 100644 index 0000000000..e0e416d391 --- /dev/null +++ b/tests/qemuxml2argvdata/fips-enabled.x86_64-5.1.0.args 
@@ -0,0 +1,40 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/tmp/lib/domain--1-QEMUGuest1 \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.config \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-i386 \ +-name guest=3DQEMUGuest1,debug-threads=3Don \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ +-enable-fips \ +-machine pc-i440fx-5.1,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \ +-cpu qemu64 \ +-m 214 \ +-overcommit mem-lock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-no-acpi \ +-boot strict=3Don \ +-device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \ +-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1",\ +"node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw= ",\ +"file":"libvirt-1-storage"}' \ +-device ide-hd,bus=3Dide.0,unit=3D0,drive=3Dlibvirt-1-format,id=3Dide0-0-0= ,bootindex=3D1 \ +-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x2 \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,\ +resourcecontrol=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvdata/fips-enabled.x86_64-latest.args b/tests= /qemuxml2argvdata/fips-enabled.x86_64-latest.args new file mode 100644 index 0000000000..c06046c398 --- /dev/null +++ b/tests/qemuxml2argvdata/fips-enabled.x86_64-latest.args 
@@ -0,0 +1,41 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/tmp/lib/domain--1-QEMUGuest1 \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.config \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-i386 \ +-name guest=3DQEMUGuest1,debug-threads=3Don \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ +-enable-fips \ +-machine pc,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff,memory-backend=3Dp= c.ram \ +-cpu qemu64 \ +-m 214 \ +-object memory-backend-ram,id=3Dpc.ram,size=3D224395264 \ +-overcommit mem-lock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-no-acpi \ +-boot strict=3Don \ +-device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \ +-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1",\ +"node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw= ",\ +"file":"libvirt-1-storage"}' \ +-device ide-hd,bus=3Dide.0,unit=3D0,drive=3Dlibvirt-1-format,id=3Dide0-0-0= ,bootindex=3D1 \ +-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x2 \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,\ +resourcecontrol=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index abc982890f..cdd606cb42 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -380,7 +380,7 @@ testCheckExclusiveFlags(int flags) { virCheckFlags(FLAG_EXPECT_FAILURE | FLAG_EXPECT_PARSE_ERROR | - FLAG_FIPS | + FLAG_FIPS_HOST | FLAG_REAL_CAPS | FLAG_SKIP_LEGACY_CPUS | FLAG_SLIRP_HELPER | @@ -399,6 +399,7 @@ testCompareXMLToArgvCreateArgs(virQEMUDriverPtr drv, unsigned int flags, bool jsonPropsValidation) { + bool enableFips =3D !!(flags & FLAG_FIPS_HOST); size_t i; if (qemuProcessCreatePretendCmdPrepare(drv, vm, migrateURI, false, @@ -489,7 +490,7 @@ testCompareXMLToArgvCreateArgs(virQEMUDriverPtr drv, } return qemuProcessCreatePretendCmdBuild(drv, vm, migrateURI, - (flags & FLAG_FIPS), false, + enableFips, false, jsonPropsValidation); } @@ -610,9 +611,6 @@ testCompareXMLToArgv(const void *data) virSetConnectSecret(conn); virSetConnectStorage(conn); - if (virQEMUCapsGet(info->qemuCaps, QEMU_CAPS_ENABLE_FIPS)) - flags |=3D FLAG_FIPS; - if (testCheckExclusiveFlags(info->flags) < 0) goto cleanup; @@ -2961,7 +2959,8 @@ mymain(void) DO_TEST("panic-no-address", QEMU_CAPS_DEVICE_PANIC); - DO_TEST("fips-enabled", QEMU_CAPS_ENABLE_FIPS); + DO_TEST_CAPS_ARCH_VER_FULL("fips-enabled", "x86_64", "5.1.0", ARG_FLAG= S, FLAG_FIPS_HOST); + DO_TEST_CAPS_ARCH_LATEST_FULL("fips-enabled", "x86_64", ARG_FLAGS, FLA= G_FIPS_HOST); DO_TEST("shmem", QEMU_CAPS_DEVICE_IVSHMEM); DO_TEST("shmem-plain-doorbell", QEMU_CAPS_DEVICE_IVSHMEM, diff --git a/tests/testutilsqemu.h b/tests/testutilsqemu.h index 66f9cef48e..79af1be50d 100644 --- a/tests/testutilsqemu.h +++ b/tests/testutilsqemu.h 
@@ -48,7 +48,7 @@ typedef enum { typedef enum { FLAG_EXPECT_FAILURE =3D 1 << 0, FLAG_EXPECT_PARSE_ERROR =3D 1 << 1, - FLAG_FIPS =3D 1 << 2, + FLAG_FIPS_HOST =3D 1 << 2, /* simulate host with FIPS mode en= abled */ FLAG_REAL_CAPS =3D 1 << 3, FLAG_SKIP_LEGACY_CPUS =3D 1 << 4, FLAG_SLIRP_HELPER =3D 1 << 5, --=20 2.26.2
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH v2 2/2] qemu: stop passing -enable-fips to QEMU >= 5.2.0
Date: Wed, 21 Oct 2020 10:35:27 +0200
Message-Id: <7b61d65f75c81028af698ceddd129669e1e61b80.1603269117.git.pkrempa@redhat.com>

From: Daniel P. Berrangé

Use of the -enable-fips option is being deprecated in QEMU >= 5.2.0. If FIPS compliance is required, QEMU must be built with libcrypt which will unconditionally enforce it.

Thus there is no need for libvirt to pass -enable-fips to modern QEMU.

Unfortunately there was never any way to probe for -enable-fips in the first instance, it was enabled by libvirt based on version number originally, and then later unconditionally enabled when libvirt dropped support for older QEMU.

Similarly we now use a version number check to decide when to stop passing -enable-fips.

Note that the qemu-5.2 capabilities are currently from the pre-release version and will be updated once qemu-5.2 is released.

Signed-off-by: Daniel P. Berrangé
Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé
---
 src/qemu/qemu_capabilities.c | 7 +++++++ src/qemu/qemu_command.c | 12 +++++++++++- src/qemu/qemu_command.h | 2 +- src/qemu/qemu_driver.c | 2 +- src/qemu/qemu_process.c | 2 +- tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml
| 1 + tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.x86_64.xml | 1 + tests/qemuxml2argvtest.c | 5 +++++ 56 files changed, 76 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index e2957cf0b2..0af587b251 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -5153,6 +5153,13 @@ virQEMUCapsInitQMPVersionCaps(virQEMUCapsPtr qemuCap= s) /* TCG couldn't be disabled nor queried until QEMU 2.10 */ if (qemuCaps->version < 2010000) virQEMUCapsSet(qemuCaps, QEMU_CAPS_TCG); + + /* -enable-fips is deprecated in QEMU 5.2.0, and QEMU + * should be built with gcrypt to achieve FIPS compliance + * automatically / implicitly + */ + if (qemuCaps->version < 5002000) + virQEMUCapsSet(qemuCaps, QEMU_CAPS_ENABLE_FIPS); } diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 700f6d781c..db5a632586 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c 
@@ -1089,10 +1089,20 @@ qemuDiskConfigBlkdeviotuneEnabled(virDomainDiskDefP= tr disk) * old QEMU new QEMU * FIPS enabled doesn't start VNC auth disabled * FIPS disabled/missing VNC auth enabled VNC auth enabled + * + * In QEMU 5.2.0, use of -enable-fips was deprecated. In scenarios + * where FIPS is required, QEMU must be built against libgcrypt + * which automatically enforces FIPS compliance. */ bool -qemuCheckFips(void) +qemuCheckFips(virDomainObjPtr vm) { + qemuDomainObjPrivatePtr priv =3D vm->privateData; + virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_ENABLE_FIPS)) + return false; + if (virFileExists("/proc/sys/crypto/fips_enabled")) { g_autofree char *buf =3D NULL; diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h index d452905fdf..5fa4d1ba8b 100644 --- a/src/qemu/qemu_command.h +++ b/src/qemu/qemu_command.h @@ -213,7 +213,7 @@ qemuDiskConfigBlkdeviotuneEnabled(virDomainDiskDefPtr d= isk); bool -qemuCheckFips(void); +qemuCheckFips(virDomainObjPtr vm); virJSONValuePtr qemuBuildHotpluggableCPUProps(const virDomainVcpuDef *vcpu) ATTRIBUTE_NONNULL(1); diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index bb4a46be98..6d352bc34c 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -6512,7 +6512,7 @@ static char *qemuConnectDomainXMLToNative(virConnectP= tr conn, goto cleanup; if (!(cmd =3D qemuProcessCreatePretendCmdBuild(driver, vm, NULL, - qemuCheckFips(), true, fa= lse))) + qemuCheckFips(vm), true, = false))) goto cleanup; ret =3D virCommandToString(cmd, false); diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index fae386917d..fd02cbe28b 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -6900,7 +6900,7 @@ qemuProcessLaunch(virConnectPtr conn, incoming ? incoming->launchURI : NULL, snapshot, vmop, false, - qemuCheckFips(), + qemuCheckFips(vm), &nnicindexes, &nicindexes, 0))) goto cleanup; 
diff --git a/tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_1.5.3.x86_64.xml index 0b103f25dc..ad8ef54464 100644 --- a/tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml @@ -62,6 +62,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_1.6.0.x86_64.xml index 0361f343ec..a9650bfa58 100644 --- a/tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml @@ -65,6 +65,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_1.7.0.x86_64.xml index 439219fa2e..b53c2f977f 100644 --- a/tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml @@ -66,6 +66,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_2.1.1.x86_64.xml index 050e3c7059..97b29df47d 100644 --- a/tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml @@ -68,6 +68,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml b/tests/qem= ucapabilitiesdata/caps_2.10.0.aarch64.xml index b0fcbc4218..34a4c2b3a5 100644 --- a/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml @@ -50,6 +50,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml b/tests/qemuc= apabilitiesdata/caps_2.10.0.ppc64.xml index edf01d2e2f..7f8e9106ea 100644 --- a/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml @@ -49,6 +49,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml b/tests/qemuc= apabilitiesdata/caps_2.10.0.s390x.xml index 98a3c0eec2..7b3d75976f 100644 --- a/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml @@ -31,6 +31,7 @@ + 
diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml b/tests/qemu= capabilitiesdata/caps_2.10.0.x86_64.xml index 98b1a94349..b31acd3571 100644 --- a/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml @@ -68,6 +68,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml b/tests/qemuc= apabilitiesdata/caps_2.11.0.s390x.xml index 0391f4b81e..59a6cdf360 100644 --- a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml @@ -31,6 +31,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml b/tests/qemu= capabilitiesdata/caps_2.11.0.x86_64.xml index 9eaafb4ba6..9e8868f032 100644 --- a/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml @@ -68,6 +68,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml b/tests/qem= ucapabilitiesdata/caps_2.12.0.aarch64.xml index a5d6dc3bef..c36324ca92 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml @@ -50,6 +50,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml b/tests/qemuc= apabilitiesdata/caps_2.12.0.ppc64.xml index d1ed9f6e28..e35f440bf7 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml @@ -49,6 +49,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml b/tests/qemuc= apabilitiesdata/caps_2.12.0.s390x.xml index cef6ebb9ad..a679d8cc05 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml @@ -31,6 +31,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml b/tests/qemu= capabilitiesdata/caps_2.12.0.x86_64.xml index 6d48699e3e..4b5f660e18 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml @@ -68,6 +68,7 @@ + 
diff --git a/tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_2.4.0.x86_64.xml index 310f69499f..64aeaeef5b 100644 --- a/tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml @@ -68,6 +68,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_2.5.0.x86_64.xml index af9b9e96fd..51c3c00cb7 100644 --- a/tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml @@ -68,6 +68,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml b/tests/qemu= capabilitiesdata/caps_2.6.0.aarch64.xml index ec17ca5c27..5f74659837 100644 --- a/tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml @@ -52,6 +52,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml b/tests/qemuca= pabilitiesdata/caps_2.6.0.ppc64.xml index 13e6df006e..1f5ccbcd08 100644 --- a/tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml @@ -49,6 +49,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_2.6.0.x86_64.xml index c25731997e..a6419f1efb 100644 --- a/tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml @@ -68,6 +68,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml b/tests/qemuca= pabilitiesdata/caps_2.7.0.s390x.xml index 2421b46f35..b46e16c0d8 100644 --- a/tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml @@ -31,6 +31,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_2.7.0.x86_64.xml index 9f25bd17ec..984b62b7b3 100644 --- a/tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml @@ -68,6 +68,7 @@ + 
diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml b/tests/qemuca= pabilitiesdata/caps_2.8.0.s390x.xml index 8c63aeec07..cda8d08c4d 100644 --- a/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml @@ -31,6 +31,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_2.8.0.x86_64.xml index 4e022e2d84..855a1a7392 100644 --- a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml @@ -68,6 +68,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml b/tests/qemuca= pabilitiesdata/caps_2.9.0.ppc64.xml index e72611e0a8..94e990da0f 100644 --- a/tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml @@ -49,6 +49,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml b/tests/qemuca= pabilitiesdata/caps_2.9.0.s390x.xml index b48dc98501..9cdcb9988a 100644 --- a/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml @@ -31,6 +31,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_2.9.0.x86_64.xml index d7b2d0633d..2990242a18 100644 --- a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml @@ -68,6 +68,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml b/tests/qemuca= pabilitiesdata/caps_3.0.0.ppc64.xml index e4a560bac5..65999c8f77 100644 --- a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml @@ -48,6 +48,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml b/tests/qemu= capabilitiesdata/caps_3.0.0.riscv32.xml index 71f9b0c37f..0b87d591a8 100644 --- a/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml +++ b/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml @@ -21,6 +21,7 @@ + 
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml b/tests/qemu= capabilitiesdata/caps_3.0.0.riscv64.xml index 279078d541..595b2cb171 100644 --- a/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml +++ b/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml @@ -21,6 +21,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml b/tests/qemuca= pabilitiesdata/caps_3.0.0.s390x.xml index f1ed34c612..79494a95bb 100644 --- a/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml @@ -32,6 +32,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_3.0.0.x86_64.xml index ae1836b28f..7d37e4f6a2 100644 --- a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml @@ -67,6 +67,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml b/tests/qemuca= pabilitiesdata/caps_3.1.0.ppc64.xml index 0dc0393c22..30e8c2dc2e 100644 --- a/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml @@ -49,6 +49,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_3.1.0.x86_64.xml index d4ff21fdac..6d1e612bfc 100644 --- a/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml @@ -67,6 +67,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml b/tests/qemu= capabilitiesdata/caps_4.0.0.aarch64.xml index 404a39af03..29e8222c18 100644 --- a/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml @@ -52,6 +52,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml b/tests/qemuca= pabilitiesdata/caps_4.0.0.ppc64.xml index cb0232173c..83f3074dd8 100644 --- a/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml @@ -51,6 +51,7 @@ + 
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml b/tests/qemu= capabilitiesdata/caps_4.0.0.riscv32.xml index 11475306f9..614cd8ab0f 100644 --- a/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml +++ b/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml @@ -55,6 +55,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml b/tests/qemu= capabilitiesdata/caps_4.0.0.riscv64.xml index 608590a35b..14877ca5c2 100644 --- a/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml +++ b/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml @@ -55,6 +55,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml b/tests/qemuca= pabilitiesdata/caps_4.0.0.s390x.xml index f4d20169e0..92998c8d89 100644 --- a/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml @@ -32,6 +32,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_4.0.0.x86_64.xml index e3f83372c2..8fde984e11 100644 --- a/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml @@ -67,6 +67,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_4.1.0.x86_64.xml index c32d8ea5d8..339b3d176b 100644 --- a/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml @@ -67,6 +67,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml b/tests/qemu= capabilitiesdata/caps_4.2.0.aarch64.xml index 11a964ed39..c90c9aafd5 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml @@ -52,6 +52,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml b/tests/qemuca= pabilitiesdata/caps_4.2.0.ppc64.xml index 60aef01f7b..578b28fdaf 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml @@ -51,6 +51,7 @@ + 
diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml b/tests/qemuca= pabilitiesdata/caps_4.2.0.s390x.xml index 76e2747b65..7142736174 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml @@ -32,6 +32,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_4.2.0.x86_64.xml index fd63a0ee02..1907fb5ae7 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml @@ -68,6 +68,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml b/tests/qemu= capabilitiesdata/caps_5.0.0.aarch64.xml index 928af2a01c..28cbd7ab70 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml @@ -54,6 +54,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml b/tests/qemuca= pabilitiesdata/caps_5.0.0.ppc64.xml index e8668a25a9..34e38516f0 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml @@ -52,6 +52,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml b/tests/qemu= capabilitiesdata/caps_5.0.0.riscv64.xml index 85a8a46dac..cc5c83de8c 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml +++ b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml @@ -55,6 +55,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_5.0.0.x86_64.xml index 546b9b0422..20643488c9 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml @@ -68,6 +68,7 @@ + diff --git a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_5.1.0.x86_64.xml index 9ebd7ea582..f4c7a518c9 100644 --- a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml @@ -68,6 +68,7 @@ + 
diff --git a/tests/qemucapabilitiesdata/caps_5.2.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_5.2.0.x86_64.xml index 975f00b5e1..3931924abe 100644 --- a/tests/qemucapabilitiesdata/caps_5.2.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_5.2.0.x86_64.xml @@ -68,6 +68,7 @@ + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index cdd606cb42..9f62d55a80 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -399,6 +399,7 @@ testCompareXMLToArgvCreateArgs(virQEMUDriverPtr drv, unsigned int flags, bool jsonPropsValidation) { + qemuDomainObjPrivatePtr priv =3D vm->privateData; bool enableFips =3D !!(flags & FLAG_FIPS_HOST); size_t i; @@ -489,6 +490,10 @@ testCompareXMLToArgvCreateArgs(virQEMUDriverPtr drv, } } + /* we can't use qemuCheckFips() directly as it queries host state */ + if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_ENABLE_FIPS)) + enableFips =3D false; + return qemuProcessCreatePretendCmdBuild(drv, vm, migrateURI, enableFips, false, jsonPropsValidation); --=20 2.26.2
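Review bot: In the second hunk of tests/qemuxml2argvtest.c (@@ -489,6 +490,10 @@), the new check silently clears enableFips whenever the capability data lacks QEMU_CAPS_ENABLE_FIPS, so a test case that sets FLAG_FIPS_HOST against such data stops exercising the FIPS path and nothing reports that the flag was ignored. The comment says qemuCheckFips() cannot be called because it queries host state, which means the test now carries its own copy of the capability half of that decision and can drift from the driver. Consider moving the capability check into a small helper that takes the qemuCaps and is called from both qemuCheckFips() and this test, leaving the host query in the caller. The comment would also be more useful if it said what the check does (FIPS is only requested when the binary advertises the capability) rather than only why the other function is not used. In the first hunk (@@ -399,6 +399,7 @@), priv is introduced for this single use; vm->privateData could be read next to the check instead, unless later patches in the series need priv elsewhere in the function.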