From 8573431b9c83a18a35d69e74d14f5055a07b23fc Mon Sep 17 00:00:00 2001 From: shiliyang Date: Mon, 7 Dec 2020 16:37:25 +0800 Subject: [PATCH 01/13] crypto: Fix some code style problems, add spaces around operator MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch fixes error style problems found by checkpatch.pl: ERROR: spaces required around that '*' ERROR: space required after that ',' ERROR: spaces required around that '|' Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Liyang Shi Signed-off-by: Daniel P. Berrangé --- crypto/aes.c | 2 +- crypto/desrfb.c | 2 +- crypto/tlscredsx509.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/aes.c b/crypto/aes.c index 159800df652d..56efc9519612 100644 --- a/crypto/aes.c +++ b/crypto/aes.c @@ -1182,7 +1182,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, rk = key->rd_key; /* invert the order of the round keys: */ - for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { + for (i = 0, j = 4 * (key->rounds); i < j; i += 4, j -= 4) { temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; diff --git a/crypto/desrfb.c b/crypto/desrfb.c index 3274c36510d3..675847c93b36 100644 --- a/crypto/desrfb.c +++ b/crypto/desrfb.c @@ -56,7 +56,7 @@ static const unsigned char pc1[56] = { 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 }; static const unsigned char totrot[16] = { - 1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28 }; + 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28 }; static const unsigned char pc2[48] = { 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index dd7267ccdb0c..c89dd62435b4 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c 
@@ -143,7 +143,7 @@ qcrypto_tls_creds_check_cert_key_usage(QCryptoTLSCredsX509 *creds, if (status < 0) { if (status == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { usage = isCA ? GNUTLS_KEY_KEY_CERT_SIGN : - GNUTLS_KEY_DIGITAL_SIGNATURE|GNUTLS_KEY_KEY_ENCIPHERMENT; + GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT; } else { error_setg(errp, "Unable to query certificate %s key usage: %s", From 31b6aefdbd9d2fe45c25e5236e1cc363229cb96c Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Mon, 30 Nov 2020 11:56:12 +0100 Subject: [PATCH 02/13] crypto: Move USER_CREATABLE to secret_common base class MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of duplicating the code for user creatable objects in secret and secret_keyring, move it to the common base clase secret_common. As the base class is abstract, it won't become user creatable itself. Signed-off-by: Kevin Wolf Signed-off-by: Daniel P. Berrangé --- crypto/secret.c | 14 -------------- crypto/secret_common.c | 15 +++++++++++++++ crypto/secret_keyring.c | 14 -------------- 3 files changed, 15 insertions(+), 28 deletions(-) diff --git a/crypto/secret.c b/crypto/secret.c index 281cb81f0f08..44eaff16f608 100644 --- a/crypto/secret.c +++ b/crypto/secret.c @@ -107,13 +107,6 @@ qcrypto_secret_prop_get_file(Object *obj, } -static void -qcrypto_secret_complete(UserCreatable *uc, Error **errp) -{ - object_property_set_bool(OBJECT(uc), "loaded", true, errp); -} - - static void qcrypto_secret_finalize(Object *obj) { @@ -129,9 +122,6 @@ qcrypto_secret_class_init(ObjectClass *oc, void *data) QCryptoSecretCommonClass *sic = QCRYPTO_SECRET_COMMON_CLASS(oc); sic->load_data = qcrypto_secret_load_data; - UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc); - ucc->complete = qcrypto_secret_complete; - object_class_property_add_str(oc, "data", qcrypto_secret_prop_get_data, qcrypto_secret_prop_set_data); 
@@ -148,10 +138,6 @@ static const TypeInfo qcrypto_secret_info = { .instance_finalize = qcrypto_secret_finalize, .class_size = sizeof(QCryptoSecretClass), .class_init = qcrypto_secret_class_init, - .interfaces = (InterfaceInfo[]) { - { TYPE_USER_CREATABLE }, - { } - } }; diff --git a/crypto/secret_common.c b/crypto/secret_common.c index b03d530867eb..35b82cb531ef 100644 --- a/crypto/secret_common.c +++ b/crypto/secret_common.c @@ -268,6 +268,13 @@ qcrypto_secret_prop_get_keyid(Object *obj, } +static void +qcrypto_secret_complete(UserCreatable *uc, Error **errp) +{ + object_property_set_bool(OBJECT(uc), "loaded", true, errp); +} + + static void qcrypto_secret_finalize(Object *obj) { @@ -281,6 +288,10 @@ qcrypto_secret_finalize(Object *obj) static void qcrypto_secret_class_init(ObjectClass *oc, void *data) { + UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc); + + ucc->complete = qcrypto_secret_complete; + object_class_property_add_bool(oc, "loaded", qcrypto_secret_prop_get_loaded, qcrypto_secret_prop_set_loaded); @@ -390,6 +401,10 @@ static const TypeInfo qcrypto_secret_info = { .class_size = sizeof(QCryptoSecretCommonClass), .class_init = qcrypto_secret_class_init, .abstract = true, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } }; diff --git a/crypto/secret_keyring.c b/crypto/secret_keyring.c index 10d8bc48a0f5..1b7edec84a0a 100644 --- a/crypto/secret_keyring.c +++ b/crypto/secret_keyring.c 
@@ -102,22 +102,12 @@ qcrypto_secret_prop_get_key(Object *obj, Visitor *v, } -static void -qcrypto_secret_keyring_complete(UserCreatable *uc, Error **errp) -{ - object_property_set_bool(OBJECT(uc), "loaded", true, errp); -} - - static void qcrypto_secret_keyring_class_init(ObjectClass *oc, void *data) { QCryptoSecretCommonClass *sic = QCRYPTO_SECRET_COMMON_CLASS(oc); sic->load_data = qcrypto_secret_keyring_load_data; - UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc); - ucc->complete = qcrypto_secret_keyring_complete; - object_class_property_add(oc, "serial", "int32_t", qcrypto_secret_prop_get_key, qcrypto_secret_prop_set_key, @@ -130,10 +120,6 @@ static const TypeInfo qcrypto_secret_info = { .name = TYPE_QCRYPTO_SECRET_KEYRING, .instance_size = sizeof(QCryptoSecretKeyring), .class_init = qcrypto_secret_keyring_class_init, - .interfaces = (InterfaceInfo[]) { - { TYPE_USER_CREATABLE }, - { } - } }; From 668cb74b2af1129349a6c41763bc88d801161e09 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Mon, 30 Nov 2020 11:56:13 +0100 Subject: [PATCH 03/13] crypto: Forbid broken unloading of secrets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit qcrypto_secret_prop_set_loaded() forgets to reset secret->rawdata after unloading a secret, which will lead to a double free at some point. Because there is no use case for unloading an already loaded secret (apart from deleting the whole secret object) and we know that nobody could use this because it would lead to crashes, let's just forbid the operation instead of fixing the unloading. Eventually, we'll want to get rid of 'loaded' in the external interface, but for the meantime this is more consistent with rng, which has a similar property 'opened' that also can't be reset to false after it became true. Signed-off-by: Kevin Wolf Signed-off-by: Daniel P. Berrangé --- crypto/secret_common.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/crypto/secret_common.c b/crypto/secret_common.c index 35b82cb531ef..714a15d5e52d 100644 --- a/crypto/secret_common.c +++ b/crypto/secret_common.c @@ -191,9 +191,9 @@ qcrypto_secret_prop_set_loaded(Object *obj, secret->rawdata = input; secret->rawlen = inputlen; - } else { - g_free(secret->rawdata); - secret->rawlen = 0; + } else if (secret->rawdata) { + error_setg(errp, "Cannot unload secret"); + return; } } From ab366aae78bcac972a0920ffdda3136fc13fa093 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Mon, 30 Nov 2020 11:56:14 +0100 Subject: [PATCH 04/13] crypto: Fix memory leaks in set_loaded for tls-* MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If you set the loaded property to true when it was already true, the state is overwritten without freeing the old state first. Change the set_loaded callback so that it always frees the old state (which is a no-op if nothing was loaded) and only then load if requestsd. Signed-off-by: Kevin Wolf Signed-off-by: Daniel P. Berrangé --- crypto/tlscredsanon.c | 3 +-- crypto/tlscredspsk.c | 3 +-- crypto/tlscredsx509.c | 3 +-- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/crypto/tlscredsanon.c b/crypto/tlscredsanon.c index 30275b684772..bea5f76c55da 100644 --- a/crypto/tlscredsanon.c +++ b/crypto/tlscredsanon.c @@ -123,10 +123,9 @@ qcrypto_tls_creds_anon_prop_set_loaded(Object *obj, { QCryptoTLSCredsAnon *creds = QCRYPTO_TLS_CREDS_ANON(obj); + qcrypto_tls_creds_anon_unload(creds); if (value) { qcrypto_tls_creds_anon_load(creds, errp); - } else { - qcrypto_tls_creds_anon_unload(creds); } } diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c index e26807b899e9..f5a31108d157 100644 --- a/crypto/tlscredspsk.c +++ b/crypto/tlscredspsk.c 
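Review bot: The load branch just above the new `else if` still stores `secret->rawdata = input;` without releasing any buffer that was already there, so setting `loaded` to true a second time would appear to make the previous secret bytes unreachable. The beginning of qcrypto_secret_prop_set_loaded is outside the hunk, so confirm that no earlier guard already covers this. Since unloading is now refused, the symmetric handling would be to treat a repeated load as a no-op (or an error) before loading, e.g. `if (value && secret->rawdata) { return; }`. The tls-* setters changed later in this series address the same repeated-load case, so the secret object should stay consistent with them.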
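Review bot: With `qcrypto_tls_creds_anon_unload(creds);` now unconditional, a repeated `loaded=true` whose `qcrypto_tls_creds_anon_load(creds, errp)` call fails leaves the object with no credentials at all, because the earlier state was released before the load ran. The psk and x509 setters in crypto/tlscredspsk.c and crypto/tlscredsx509.c have the same shape. If that is the intended contract, state it in a comment above the unload call, for example `/* Always drop old state first: avoids a leak on repeated load; a failed reload leaves the creds unloaded. */`. Whether anything still references the released state at that point is not visible from these hunks (the setter's signature starts outside the hunk) and is worth confirming.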
@@ -192,10 +192,9 @@ qcrypto_tls_creds_psk_prop_set_loaded(Object *obj, { QCryptoTLSCredsPSK *creds = QCRYPTO_TLS_CREDS_PSK(obj); + qcrypto_tls_creds_psk_unload(creds); if (value) { qcrypto_tls_creds_psk_load(creds, errp); - } else { - qcrypto_tls_creds_psk_unload(creds); } } diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index c89dd62435b4..dbadad4df28e 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -694,10 +694,9 @@ qcrypto_tls_creds_x509_prop_set_loaded(Object *obj, { QCryptoTLSCredsX509 *creds = QCRYPTO_TLS_CREDS_X509(obj); + qcrypto_tls_creds_x509_unload(creds); if (value) { qcrypto_tls_creds_x509_load(creds, errp); - } else { - qcrypto_tls_creds_x509_unload(creds); } } From 166310299a1e7824bbff17e1f016659d18b4a559 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 20 Oct 2020 17:08:27 +0100 Subject: [PATCH 05/13] os: deprecate the -enable-fips option and QEMU's FIPS enforcement MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The -enable-fips option was added a long time ago to prevent the use of single DES when VNC when FIPS mode is enabled. It should never have been added, because apps are supposed to unconditionally honour FIPS mode based on the '/proc/sys/crypto/fips_enabled' file contents. In addition there is more to achieving FIPS compliance than merely blocking use of certain algorithms. Those algorithms which are used need to perform self-tests at runtime. QEMU's built-in cryptography provider has no support for self-tests, and neither does the nettle library. If QEMU is required to be used in a FIPS enabled host, then it must be built with the libgcrypt library enabled, which will unconditionally enforce FIPS compliance in any algorithm usage. Thus there is no need to keep either the -enable-fips option in QEMU, or QEMU's internal FIPS checking methods. Reviewed-by: John Snow Reviewed-by: Thomas Huth 
Signed-off-by: Daniel P. Berrangé --- docs/system/deprecated.rst | 12 ++++++++++++ os-posix.c | 3 +++ 2 files changed, 15 insertions(+) diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst index 9de663526aae..6ac757ed9fa7 100644 --- a/docs/system/deprecated.rst +++ b/docs/system/deprecated.rst @@ -134,6 +134,18 @@ Boolean options such as ``share=on``/``share=off`` could be written in short form as ``share`` and ``noshare``. This is now deprecated and will cause a warning. +``--enable-fips`` (since 6.0) +''''''''''''''''''''''''''''' + +This option restricts usage of certain cryptographic algorithms when +the host is operating in FIPS mode. + +If FIPS compliance is required, QEMU should be built with the ``libgcrypt`` +library enabled as a cryptography provider. + +Neither the ``nettle`` library, or the built-in cryptography provider are +supported on FIPS enabled hosts. + QEMU Machine Protocol (QMP) commands ------------------------------------ diff --git a/os-posix.c b/os-posix.c index 1de2839554cc..a6846f51c173 100644 --- a/os-posix.c +++ b/os-posix.c @@ -153,6 +153,9 @@ int os_parse_cmd_args(int index, const char *optarg) break; #if defined(CONFIG_LINUX) case QEMU_OPTION_enablefips: + warn_report("-enable-fips is deprecated, please build QEMU with " + "the `libgcrypt` library as the cryptography provider " + "to enable FIPS compliance"); fips_set_state(true); break; #endif From 4d7beeab38e6d2d242bcf110532ff6a9b03bd53d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Wed, 4 Nov 2020 13:57:21 +0000 Subject: [PATCH 06/13] Prefer 'on' | 'off' over 'yes' | 'no' for bool options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update some docs and test cases to use 'on' | 'off' as the preferred value for bool options. Reviewed-by: Thomas Huth Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé --- docs/system/vnc-security.rst | 10 +++++----- include/authz/listfile.h | 2 +- qemu-options.hx | 4 ++-- tests/qemu-iotests/233 | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/system/vnc-security.rst b/docs/system/vnc-security.rst index 558e4faffc9d..ebca656d8781 100644 --- a/docs/system/vnc-security.rst +++ b/docs/system/vnc-security.rst @@ -65,7 +65,7 @@ encrypted session. .. parsed-literal:: |qemu_system| [...OPTIONS...] \ - -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=no \ + -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=off \ -vnc :1,tls-creds=tls0 -monitor stdio In the above example ``/etc/pki/qemu`` should contain at least three @@ -84,12 +84,12 @@ connecting. The server will request that the client provide a certificate, which it will then validate against the CA certificate. This is a good choice if deploying in an environment with a private internal certificate authority. It uses the same syntax as previously, -but with ``verify-peer`` set to ``yes`` instead. +but with ``verify-peer`` set to ``on`` instead. .. parsed-literal:: |qemu_system| [...OPTIONS...] \ - -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \ + -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \ -vnc :1,tls-creds=tls0 -monitor stdio .. _vnc_005fsec_005fcertificate_005fpw: @@ -103,7 +103,7 @@ authentication to provide two layers of authentication for clients. .. parsed-literal:: |qemu_system| [...OPTIONS...] \ - -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \ + -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \ -vnc :1,tls-creds=tls0,password -monitor stdio (qemu) change vnc password Password: ******** 
@@ -145,7 +145,7 @@ x509 options: .. parsed-literal:: |qemu_system| [...OPTIONS...] \ - -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \ + -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \ -vnc :1,tls-creds=tls0,sasl -monitor stdio .. _vnc_005fsetup_005fsasl: diff --git a/include/authz/listfile.h b/include/authz/listfile.h index 0a1e5bddd3e5..0b7fe721984b 100644 --- a/include/authz/listfile.h +++ b/include/authz/listfile.h @@ -73,7 +73,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(QAuthZListFile, * The object can be created on the command line using * * -object authz-list-file,id=authz0,\ - * filename=/etc/qemu/myvm-vnc.acl,refresh=yes + * filename=/etc/qemu/myvm-vnc.acl,refresh=on * */ struct QAuthZListFile { diff --git a/qemu-options.hx b/qemu-options.hx index 9172d5165915..d0410f05125c 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -5027,7 +5027,7 @@ SRST Note the use of quotes due to the x509 distinguished name containing whitespace, and escaping of ','. - ``-object authz-listfile,id=id,filename=path,refresh=yes|no`` + ``-object authz-listfile,id=id,filename=path,refresh=on|off`` Create an authorization object that will control access to network services. @@ -5072,7 +5072,7 @@ SRST # |qemu_system| \\ ... \\ - -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=yes \\ + -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=on \\ ... ``-object authz-pam,id=id,service=string`` diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233 index 7ce5764903b2..da150cd27bbf 100755 --- a/tests/qemu-iotests/233 +++ b/tests/qemu-iotests/233 
@@ -84,7 +84,7 @@ echo echo "== check plain client to TLS server fails ==" nbd_server_start_tcp_socket \ - --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \ + --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=on \ --tls-creds tls0 \ -f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log" @@ -129,7 +129,7 @@ echo "== check TLS with authorization ==" nbd_server_stop nbd_server_start_tcp_socket \ - --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \ + --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=on \ --object "authz-simple,id=authz0,identity=CN=localhost,, \ O=Cthulu Dark Lord Enterprises client1,,L=R'lyeh,,C=South Pacific" \ --tls-authz authz0 \ From e6e80fcfd6c478231ac8ef9d2ec647da860252b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 17 Sep 2020 16:50:47 +0100 Subject: [PATCH 07/13] docs: simplify and clarify the platform support rules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The distinction between short life and long life Linux distributions turned out to be redundant. They can both be covered in a simple way by noting support will target the current release, and the previous release for a period of two years or until its EOL. This rule can also apply to the other UNIX based distros, leaving only Windows needing a different set of rules. This also clarifies that Debian LTS is out of scope, because the LTS support is provided by a separate group from the main Debian maintainer team. Reviewed-by: Eduardo Habkost Reviewed-by: Thomas Huth Signed-off-by: Daniel P. Berrangé --- docs/system/build-platforms.rst | 63 ++++++++++++--------------------- 1 file changed, 23 insertions(+), 40 deletions(-) diff --git a/docs/system/build-platforms.rst b/docs/system/build-platforms.rst index 9734eba2f180..692323609e76 100644 
--- a/docs/system/build-platforms.rst
+++ b/docs/system/build-platforms.rst
@@ -25,55 +25,38 @@ software in their distro, QEMU upstream code will not add explicit support for those backports, unless the feature is auto-detectable in a manner that works for the upstream releases too. -The Repology site https://repology.org is a useful resource to identify +The `Repology`_ site is a useful resource to identify currently shipped versions of software in various operating systems, though it does not cover all distros listed below. -Linux OS --------- +Linux OS, macOS, FreeBSD, NetBSD, OpenBSD +----------------------------------------- -For distributions with frequent, short-lifetime releases, the project -will aim to support all versions that are not end of life by their -respective vendors. For the purposes of identifying supported software -versions, the project will look at Fedora, Ubuntu, and openSUSE distros. -Other short- lifetime distros will be assumed to ship similar software -versions. +The project aims to support the most recent major version at all times. Support +for the previous major version will be dropped 2 years after the new major +version is released or when the vendor itself drops support, whichever comes +first. In this context, third-party efforts to extend the lifetime of a distro +are not considered, even when they are endorsed by the vendor (eg. Debian LTS). -For distributions with long-lifetime releases, the project will aim to -support the most recent major version at all times. Support for the -previous major version will be dropped 2 years after the new major -version is released, or when it reaches "end of life". For the purposes -of identifying supported software versions, the project will look at -RHEL, Debian, Ubuntu LTS, and SLES distros. Other long-lifetime distros -will be assumed to ship similar software versions. +For the purposes of identifying supported software versions available on Linux, +the project will look at CentOS, Debian, Fedora, openSUSE, RHEL, SLES and +Ubuntu LTS. 
Other distros will be assumed to ship similar software versions. -Windows -------- - -The project supports building with current versions of the MinGW -toolchain, hosted on Linux. - -macOS ------ +For FreeBSD and OpenBSD, decisions will be made based on the contents of the +respective ports repository, while NetBSD will use the pkgsrc repository. -The project supports building with the two most recent versions of -macOS, with the current Homebrew package set available. +For macOS, `HomeBrew`_ will be used, although `MacPorts`_ is expected to carry +similar versions. -FreeBSD +Windows ------- -The project aims to support all versions which are not end of -life. - -NetBSD ------- +The project supports building with current versions of the MinGW toolchain, +hosted on Linux (Debian/Fedora). -The project aims to support the most recent major version at all times. -Support for the previous major version will be dropped 2 years after the -new major version is released. - -OpenBSD -------- +The version of the Windows API that's currently targeted is Vista / Server +2008. -The project aims to support all versions which are not end of -life. +.. _HomeBrew: https://brew.sh/ +.. _MacPorts: https://www.macports.org/ +.. _Repology: https://repology.org/ From f029f9112257c9a0e669c2955e8ace21a96704c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 27 Nov 2020 10:32:45 +0000 Subject: [PATCH 08/13] docs: fix missing backslash in certtool shell example MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Peter Maydell Signed-off-by: Daniel P. Berrangé --- docs/system/tls.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/system/tls.rst b/docs/system/tls.rst index dc2b94257f72..b0973afe1bff 100644 --- a/docs/system/tls.rst +++ b/docs/system/tls.rst 
@@ -64,7 +64,7 @@ interactive prompts from certtool:: cert_signing_key EOF # certtool --generate-self-signed \ - --load-privkey ca-key.pem + --load-privkey ca-key.pem \ --template ca.info \ --outfile ca-cert.pem From 7d7dbf9dc15be6e1465c756c2c5ae7f1ab104fc8 Mon Sep 17 00:00:00 2001 From: Dan Streetman Date: Tue, 19 Jan 2021 12:20:46 -0500 Subject: [PATCH 09/13] configure: replace --enable/disable-git-update with --with-git-submodules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace the --enable-git-update and --disable-git-update configure params with the param --with-git-submodules=(update|validate|ignore) to allow 3 options for building from a git repo. This is needed because downstream packagers, e.g. Debian, Ubuntu, etc, also keep the source code in git, but do not want to enable the 'git_update' mode; with the current code, that's not possible even if the downstream package specifies --disable-git-update. The previous parameters are deprecated but still available; the --enable-git-update parameter maps to --with-git-submodules=update and --disable-git-update parameter maps to --with-git-submodules=validate. The configure script behavior is slightly modified, where previously the dtc, capstone, and slirp submodules were not validated when --disable-git-update was specified (but were updated with git-update enabled), now they are validated when using --with-git-submodules=validate and are only ignored when using --with-git-submodules=ignore. Signed-off-by: Dan Streetman Signed-off-by: Daniel P. Berrangé --- Makefile | 24 ++----------------- configure | 51 ++++++++++++++++++++++++++++++---------- scripts/git-submodule.sh | 34 ++++++++++++++++++++------- 3 files changed, 66 insertions(+), 43 deletions(-) diff --git a/Makefile b/Makefile index 291ea19f2e77..b0dff7390453 100644 --- a/Makefile +++ b/Makefile 
@@ -47,30 +47,10 @@ git-submodule-update: Makefile: .git-submodule-status .PHONY: git-submodule-update - -git_module_status := $(shell \ - cd '$(SRC_PATH)' && \ - GIT="$(GIT)" ./scripts/git-submodule.sh status $(GIT_SUBMODULES); \ - echo $$?; \ -) - -ifeq (1,$(git_module_status)) -ifeq (no,$(GIT_UPDATE)) git-submodule-update: $(call quiet-command, \ - echo && \ - echo "GIT submodule checkout is out of date. Please run" && \ - echo " scripts/git-submodule.sh update $(GIT_SUBMODULES)" && \ - echo "from the source directory checkout $(SRC_PATH)" && \ - echo && \ - exit 1) -else -git-submodule-update: - $(call quiet-command, \ - (cd $(SRC_PATH) && GIT="$(GIT)" ./scripts/git-submodule.sh update $(GIT_SUBMODULES)), \ - "GIT","$(GIT_SUBMODULES)") -endif -endif + (GIT="$(GIT)" "$(SRC_PATH)/scripts/git-submodule.sh" $(GIT_SUBMODULES_ACTION) $(GIT_SUBMODULES)), \ + "GIT","$(GIT_SUBMODULES)") # 0. ensure the build tree is okay diff --git a/configure b/configure index 87de49e2c217..8fc59848b230 100755 --- a/configure +++ b/configure @@ -254,12 +254,12 @@ gdb_bin=$(command -v "gdb-multiarch" || command -v "gdb") if test -e "$source_path/.git" then - git_update=yes + git_submodules_action="update" git_submodules="ui/keycodemapdb" git_submodules="$git_submodules tests/fp/berkeley-testfloat-3" git_submodules="$git_submodules tests/fp/berkeley-softfloat-3" else - git_update=no + git_submodules_action="ignore" git_submodules="" if ! test -f "$source_path/ui/keycodemapdb/README" 
@@ -1508,9 +1508,16 @@ for opt do ;; --with-git=*) git="$optarg" ;; - --enable-git-update) git_update=yes + --enable-git-update) + git_submodules_action="update" + echo "--enable-git-update deprecated, use --with-git-submodules=update" ;; - --disable-git-update) git_update=no + --disable-git-update) + git_submodules_action="validate" + echo "--disable-git-update deprecated, use --with-git-submodules=validate" + ;; + --with-git-submodules=*) + git_submodules_action="$optarg" ;; --enable-debug-mutex) debug_mutex=yes ;; @@ -1566,6 +1573,21 @@ for opt do esac done +case $git_submodules_action in + update|validate) + if test ! -e "$source_path/.git"; then + echo "ERROR: cannot $git_submodules_action git submodules without .git" + exit 1 + fi + ;; + ignore) + ;; + *) + echo "ERROR: invalid --with-git-submodules= value '$git_submodules_action'" + exit 1 + ;; +esac + libdir="${libdir:-$prefix/lib}" libexecdir="${libexecdir:-$prefix/libexec}" includedir="${includedir:-$prefix/include}" @@ -1710,6 +1732,9 @@ Advanced options (experts only): --ninja=NINJA use specified ninja [$ninja] --smbd=SMBD use specified smbd [$smbd] --with-git=GIT use specified git [$git] + --with-git-submodules=update update git submodules (default if .git dir exists) + --with-git-submodules=validate fail if git submodules are not up to date + --with-git-submodules=ignore do not update or check git submodules (default if no .git dir) --static enable static build [$static] --mandir=PATH install man pages in PATH --datadir=PATH install firmware in PATH/$qemu_suffix @@ -1926,7 +1951,7 @@ python="$python -B" if test -z "$meson"; then if test "$explicit_python" = no && has meson && version_ge "$(meson --version)" 0.55.3; then meson=meson - elif test -e "${source_path}/.git" && test $git_update = 'yes' ; then + elif test $git_submodules_action != 'ignore' ; then meson=git elif test -e "${source_path}/meson/meson.py" ; then meson=internal 
@@ -1994,7 +2019,7 @@ fi # Consult white-list to determine whether to enable werror # by default. Only enable by default for git builds if test -z "$werror" ; then - if test -e "$source_path/.git" && \ + if test "$git_submodules_action" != "ignore" && \ { test "$linux" = "yes" || test "$mingw32" = "yes"; }; then werror="yes" else @@ -3550,7 +3575,7 @@ fi case "$fdt" in auto | enabled | internal) # Simpler to always update submodule, even if not needed. - if test -e "${source_path}/.git" && test $git_update = 'yes' ; then + if test "$git_submodules_action" != "ignore"; then git_submodules="${git_submodules} dtc" fi ;; @@ -4264,7 +4289,7 @@ fi case "$capstone" in auto | enabled | internal) # Simpler to always update submodule, even if not needed. - if test -e "${source_path}/.git" && test $git_update = 'yes' ; then + if test "$git_submodules_action" != "ignore"; then git_submodules="${git_submodules} capstone" fi ;; @@ -5211,7 +5236,7 @@ fi case "$slirp" in auto | enabled | internal) # Simpler to always update submodule, even if not needed. - if test -e "${source_path}/.git" && test $git_update = 'yes' ; then + if test "$git_submodules_action" != "ignore"; then git_submodules="${git_submodules} slirp" fi ;; @@ -5385,7 +5410,7 @@ if test "$cpu" = "s390x" ; then roms="$roms s390-ccw" # SLOF is required for building the s390-ccw firmware on s390x, # since it is using the libnet code from SLOF for network booting. - if test -e "${source_path}/.git" ; then + if test "$git_submodules_action" != "ignore"; then git_submodules="${git_submodules} roms/SLOF" fi fi @@ -5423,8 +5448,8 @@ else cxx= fi -if test $git_update = 'yes' ; then - (cd "${source_path}" && GIT="$git" "./scripts/git-submodule.sh" update "$git_submodules") +if !(GIT="$git" "$source_path/scripts/git-submodule.sh" "$git_submodules_action" "$git_submodules"); then + exit 1 fi config_host_mak="config-host.mak" 
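Review bot: The comment kept above this test still says werror is enabled by default only for git builds, but the new condition `test "$git_submodules_action" != "ignore"` keys on the submodule mode rather than on the presence of `.git`. A git checkout configured with `--with-git-submodules=ignore` therefore no longer gets `werror="yes"` by default on Linux or MinGW, which packagers building from git may not expect. Either keep `test -e "$source_path/.git"` for this decision, or update the comment to something like `# Only enable by default for git builds that manage submodules`.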
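Review bot: The new submodule call is written `if !(GIT="$git" ...); then` with no space after `!`, which depends on the shell tokenising `!` as a separate reserved word; shells that accept `!(...)` as an extended pattern can read it differently. configure is presumably run by whatever /bin/sh the build host provides, so the portable spelling is `if ! GIT="$git" "$source_path/scripts/git-submodule.sh" "$git_submodules_action" "$git_submodules"; then`. The subshell parentheses are not needed, because the `GIT=` prefix already applies only to that one command.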
@@ -5435,7 +5460,7 @@ echo >> $config_host_mak echo all: >> $config_host_mak echo "GIT=$git" >> $config_host_mak echo "GIT_SUBMODULES=$git_submodules" >> $config_host_mak -echo "GIT_UPDATE=$git_update" >> $config_host_mak +echo "GIT_SUBMODULES_ACTION=$git_submodules_action" >> $config_host_mak echo "ARCH=$ARCH" >> $config_host_mak diff --git a/scripts/git-submodule.sh b/scripts/git-submodule.sh index 65ed877aefd9..e225d3a96344 100755 --- a/scripts/git-submodule.sh +++ b/scripts/git-submodule.sh @@ -9,9 +9,14 @@ command=$1 shift maybe_modules="$@" +# if --with-git-submodules=ignore, do nothing +test "$command" = "ignore" && exit 0 + test -z "$GIT" && GIT=git -error() { +cd "$(dirname "$0")/.." + +update_error() { echo "$0: $*" echo echo "Unable to automatically checkout GIT submodules '$modules'." @@ -24,7 +29,7 @@ error() { echo "Alternatively you may disable automatic GIT submodule checkout" echo "with:" echo - echo " $ ./configure --disable-git-update" + echo " $ ./configure --with-git-submodules=validate" echo echo "and then manually update submodules prior to running make, with:" echo @@ -33,6 +38,19 @@ error() { exit 1 } +validate_error() { + if test "$1" = "validate"; then + echo "GIT submodules checkout is out of date, and submodules" + echo "configured for validate only. Please run" + echo " scripts/git-submodule.sh update $maybe_modules" + echo "from the source directory or call configure with" + echo " --with-git-submodules=update" + echo "To disable GIT submodules validation, use" + echo " --with-git-submodules=ignore" + fi + exit 1 +} + modules="" for m in $maybe_modules do 
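Review bot: The added `cd "$(dirname "$0")/.."` near the top of scripts/git-submodule.sh has no failure check, so if the directory change fails the later `$GIT submodule status` and `$GIT submodule update` calls run in whatever directory the caller happened to be in. In `validate` mode that could check or report submodule state for the wrong tree. Suggest `cd "$(dirname "$0")/.." || exit 1`.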
@@ -52,18 +70,18 @@ then fi case "$command" in -status) +status|validate) if test -z "$maybe_modules" then - test -s ${substat} && exit 1 || exit 0 + test -s ${substat} && validate_error "$command" || exit 0 fi - test -f "$substat" || exit 1 + test -f "$substat" || validate_error "$command" for module in $modules; do CURSTATUS=$($GIT submodule status $module) OLDSTATUS=$(cat $substat | grep $module) if test "$CURSTATUS" != "$OLDSTATUS"; then - exit 1 + validate_error "$command" fi done exit 0 @@ -76,10 +94,10 @@ update) fi $GIT submodule update --init $modules 1>/dev/null - test $? -ne 0 && error "failed to update modules" + test $? -ne 0 && update_error "failed to update modules" $GIT submodule status $modules > "${substat}" - test $? -ne 0 && error "failed to save git submodule status" >&2 + test $? -ne 0 && update_error "failed to save git submodule status" >&2 ;; esac From c93c7dc0367a7df78e4eef2239fdc81c09dada3c Mon Sep 17 00:00:00 2001 From: shiliyang Date: Tue, 3 Nov 2020 11:10:32 +0800 Subject: [PATCH 10/13] crypto: Add spaces around operator MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I am reading crypto related code, find some code style problems while using checkpatch.pl to check crypto folder. Fix the error style problems. Signed-off-by: Liyang Shi Signed-off-by: Daniel P. Berrangé --- crypto/aes.c | 4 ++-- crypto/desrfb.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/aes.c b/crypto/aes.c index 56efc9519612..af72ff777992 100644 --- a/crypto/aes.c +++ b/crypto/aes.c @@ -1080,9 +1080,9 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk = key->rd_key; - if (bits==128) + if (bits == 128) key->rounds = 10; - else if (bits==192) + else if (bits == 192) key->rounds = 12; else key->rounds = 14; diff --git a/crypto/desrfb.c b/crypto/desrfb.c index 675847c93b36..b2a105ebbcb6 100644 --- a/crypto/desrfb.c +++ b/crypto/desrfb.c 
@@ -93,7 +93,7 @@ void deskey(unsigned char *key, int edf) } for( j = 0; j < 24; j++ ) { if( pcr[pc2[j]] ) kn[m] |= bigbyte[j]; - if( pcr[pc2[j+24]] ) kn[n] |= bigbyte[j]; + if( pcr[pc2[j + 24]] ) kn[n] |= bigbyte[j]; } } cookey(kn); From f4d87ce47c60935e639c76f8973623fd7616cef4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 5 May 2020 11:24:25 +0100 Subject: [PATCH 11/13] ui: update keycodemapdb submodule commit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Primarily this is to pull in a fix for Win32 keycodes. The other useful change is the removal of build timestamp from generated files which is desirable for reproducable builds. The make rules need updating due to slightly changed CLI syntax - more args must now come after the command name. 6119e6e19a050df847418de7babe5166779955e4 Fix scan codes for Korean keys 685684a8404301780714e8a89a871981e7cae988 Fix argument order in output headers b3774853042c951b200d767697285781cc59a83c Add HTML entries for Korean layout keys 8e54850d800e4697a2798fb82ac740e760f8530b Add macOS entries for Japanese keyboards 27acf0ef828bf719b2053ba398b195829413dbdd Fix win32 keycode for VK_OEM_102 317d3eeb963a515e15a63fa356d8ebcda7041a51 Add support for generating RST formatted docs pages 7381b9bfadd31c4c9e9a10b5bb5032f9189d4352 Introduce separate args for title & subtitle with docs generator 6280c94f306df6a20bbc100ba15a5a81af0366e6 keymap-gen: Name sections in pod output df4e56f8fab65ba714ec18f4e7338a966a1620ad Add an empty meson project 16e5b0787687d8904dad2c026107409eb9bfcb95 remove buildtime from generated files 044f21dd0d4f62519aae9f1d53a026407a0b664f add header file generators 7779876a6b06755e3bb2c94ee3ded50635bcb0fa c++: add extern declaration to the generated file 0e0a317889464397d6f1ae03aad0d2ca593aab04 move CLanguageGenerator closer to CLanguageGenerator itself Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé --- ui/keycodemapdb | 2 +- ui/meson.build | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ui/keycodemapdb b/ui/keycodemapdb index 6b3d716e2b64..6119e6e19a05 160000 --- a/ui/keycodemapdb +++ b/ui/keycodemapdb @@ -1 +1 @@ -Subproject commit 6b3d716e2b6472eb7189d3220552280ef3d832ce +Subproject commit 6119e6e19a050df847418de7babe5166779955e4 diff --git a/ui/meson.build b/ui/meson.build index 634fabab0d54..156b600a9998 100644 --- a/ui/meson.build +++ b/ui/meson.build @@ -127,9 +127,10 @@ if have_system or xkbcommon.found() capture: true, input: files('keycodemapdb/data/keymaps.csv'), command: [python.full_path(), files('keycodemapdb/tools/keymap-gen'), + 'code-map', '--lang', 'glib2', '--varname', 'qemu_input_map_@0@_to_@1@'.format(e[0], e[1]), - 'code-map', '@INPUT0@', e[0], e[1]]) + '@INPUT0@', e[0], e[1]]) endforeach endif From a07e9fdd339e2142572d3da45e2e6869064a3055 Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Thu, 28 Jan 2021 18:11:27 +0100 Subject: [PATCH 12/13] tests: Fix runtime error in test-authz-pam MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A test with sanitizers on macOS shows this error: authz/pamacct.c:50:25: runtime error: null pointer passed as argument 1, which is declared to never be null /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/security/pam_appl.h:56:2: note: nonnull attribute specified here Signed-off-by: Stefan Weil Signed-off-by: Daniel P. Berrangé --- tests/test-authz-pam.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/test-authz-pam.c b/tests/test-authz-pam.c index 1baeadee03db..4fe1ef2603e0 100644 --- a/tests/test-authz-pam.c +++ b/tests/test-authz-pam.c 
@@ -28,7 +28,7 @@ static bool failauth; /* - * These two functions are exported by libpam.so. + * These three functions are exported by libpam.so. * * By defining them again here, our impls are resolved * by the linker instead of those in libpam.so @@ -50,6 +50,7 @@ pam_start(const char *service_name, const char *user, failauth = false; } + *pamh = (pam_handle_t *)0xbadeaffe; return PAM_SUCCESS; } @@ -65,6 +66,13 @@ pam_acct_mgmt(pam_handle_t *pamh, int flags) } +int +pam_end(pam_handle_t *pamh, int status) +{ + return PAM_SUCCESS; +} + + static void test_authz_unknown_service(void) { Error *local_err = NULL; From ecb98f5c7589ba8ecd15c8b1baa2ec7192e47c75 Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Thu, 28 Jan 2021 18:15:23 +0100 Subject: [PATCH 13/13] tests: Replace deprecated ASN1 code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes several compiler warnings on MacOS with Homebrew. The git development branch for forthcoming libtasn1 4.17.0 has introduced deprecation warnings for several macros/types that we use. Signed-off-by: Stefan Weil Signed-off-by: Daniel P. Berrangé --- tests/crypto-tls-x509-helpers.c | 10 +++++----- tests/crypto-tls-x509-helpers.h | 2 +- tests/pkix_asn1_tab.c | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/crypto-tls-x509-helpers.c b/tests/crypto-tls-x509-helpers.c index 01b3daf3585a..97658592a2f1 100644 --- a/tests/crypto-tls-x509-helpers.c +++ b/tests/crypto-tls-x509-helpers.c @@ -30,7 +30,7 @@ * This stores some static data that is needed when * encoding extensions in the x509 certs */ -ASN1_TYPE pkix_asn1; +asn1_node pkix_asn1; /* * To avoid consuming random entropy to generate keys, @@ -139,7 +139,7 @@ void test_tls_cleanup(const char *keyfile) /* * Turns an ASN1 object into a DER encoded byte array */ -static void test_tls_der_encode(ASN1_TYPE src, +static void test_tls_der_encode(asn1_node src, const char *src_name, gnutls_datum_t *res) { 
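Review bot: The handle set in the `pam_start` stub, `*pamh = (pam_handle_t *)0xbadeaffe;` (hunk `@@ -50,6 +50,7 @@`), is an arbitrary integer cast to a pointer, and nothing says that it is only a non-NULL placeholder. A comment above the assignment such as `/* Fake non-NULL handle: the stubs in this file never dereference it */` would make that contract explicit for anyone who later adds a stub that does touch the handle. The new `pam_end` stub ignores both arguments, which is consistent with that reading. `pam_start` begins before the hunk, so the rest of its body is not visible here.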
@@ -317,7 +317,7 @@ test_tls_generate_cert(QCryptoTLSTestCertReq *req, * the 'critical' field which we want control over */ if (req->basicConstraintsEnable) { - ASN1_TYPE ext = ASN1_TYPE_EMPTY; + asn1_node ext = NULL; asn1_create_element(pkix_asn1, "PKIX1.BasicConstraints", &ext); asn1_write_value(ext, "cA", @@ -344,7 +344,7 @@ test_tls_generate_cert(QCryptoTLSTestCertReq *req, * to be 'critical' */ if (req->keyUsageEnable) { - ASN1_TYPE ext = ASN1_TYPE_EMPTY; + asn1_node ext = NULL; char str[2]; str[0] = req->keyUsageValue & 0xff; @@ -374,7 +374,7 @@ test_tls_generate_cert(QCryptoTLSTestCertReq *req, * set this the hard way building up ASN1 data ourselves */ if (req->keyPurposeEnable) { - ASN1_TYPE ext = ASN1_TYPE_EMPTY; + asn1_node ext = NULL; asn1_create_element(pkix_asn1, "PKIX1.ExtKeyUsageSyntax", &ext); if (req->keyPurposeOID1) { diff --git a/tests/crypto-tls-x509-helpers.h b/tests/crypto-tls-x509-helpers.h index 08efba4e1973..8fcd7785ab0b 100644 --- a/tests/crypto-tls-x509-helpers.h +++ b/tests/crypto-tls-x509-helpers.h @@ -125,7 +125,7 @@ void test_tls_cleanup(const char *keyfile); }; \ test_tls_generate_cert(&varname, NULL) -extern const ASN1_ARRAY_TYPE pkix_asn1_tab[]; +extern const asn1_static_node pkix_asn1_tab[]; #endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */ diff --git a/tests/pkix_asn1_tab.c b/tests/pkix_asn1_tab.c index f15fc515cbd7..4aaf736d3f26 100644 --- a/tests/pkix_asn1_tab.c +++ b/tests/pkix_asn1_tab.c @@ -8,7 +8,7 @@ #ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT -const ASN1_ARRAY_TYPE pkix_asn1_tab[] = { +const asn1_static_node pkix_asn1_tab[] = { {"PKIX1", 536875024, 0}, {0, 1073741836, 0}, {"id-ce", 1879048204, 0},