[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v7 01/24] build: Link user-only with crypto-rng-
|
From: |
Richard Henderson |
|
Subject: |
Re: [Qemu-devel] [PATCH v7 01/24] build: Link user-only with crypto-rng-obj-y |
|
Date: |
Wed, 15 May 2019 10:22:08 -0700 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 |
On 5/15/19 9:53 AM, Daniel P. Berrangé wrote:
> On Tue, May 14, 2019 at 12:16:30PM -0700, Richard Henderson wrote:
>> For user-only, we require only the random number bits of the
>> crypto subsystem.
>>
>> We need to preserve --static linking, which for many recent Linux
>> distributions precludes using GnuTLS or GCrypt. Instead, use our
>> random-platform module unconditionally.
>
> I don't think we need to special case in this way.
>
> Today if you do a default build with all targets & tools and want
> to use --static, but don't have static libs available for some
> things you can achieve that
>
> ./configure --static --disable-gnutls --disable-gcrypt --disable-nettle
But we don't really want all of those --disable arguments by default. It would
be one thing if one explicitly used --enable-gnutls and got link errors. We
must preserve --static working all by itself.
> Previously if you took care to disable system emulators & tools
> you could avoid the need to pass the --disable-* args, but I
> think that's fairly minor.
Well, no, you get link errors.
(As an aside, IMO pkg-config is stupid in being only able to ask "is version X
installed" without also being about to ask "is a static version of X
installed". pkg-config has a --static option, it just doesn't use it.)
But suppose we add back the patch for --static sanity check from v6. What are
we left with? No crypto libraries remain on Fedora 30. It appears that Ubuntu
Bionic ships a static version of nettle, but nothing else. Is that useful on
its own?
> So I think we should just use $(crypto-obj-y) unconditionally in
> the user emulators, and get rid of crypto-aes-obj-y too.
>
> This will give a consistent crypto story across all the things we
> build with no special cases.
Well, maybe. But what are we trying to accomplish?
What use is crypto to the host side of linux-user? In general, all the crypto
that the application will do is on the guest side, within guest versions of
gnutls etc. All crypto that the guest expects of its kernel is done passing
off the syscall to the host kernel.
That's why, here in v7, I began to think that perhaps all the faffing about
with pkg-config vs --static was just a waste of time.
Have I missed something?
r~
[Qemu-devel] [PATCH v7 02/24] crypto: Reverse code blocks in random-platform.c, Richard Henderson, 2019/05/14
[Qemu-devel] [PATCH v7 03/24] crypto: Do not fail for EINTR during qcrypto_random_bytes, Richard Henderson, 2019/05/14
[Qemu-devel] [PATCH v7 04/24] crypto: Use O_CLOEXEC in qcrypto_random_init, Richard Henderson, 2019/05/14
[Qemu-devel] [PATCH v7 05/24] crypto: Use getrandom for qcrypto_random_bytes, Richard Henderson, 2019/05/14
[Qemu-devel] [PATCH v7 07/24] ui/vnc: Split out authentication_failed, Richard Henderson, 2019/05/14