Re: [PATCH v5 5/5] qemu: add default_cpu_deprecated_features configuration option

On Tue, Jul 01, 2025 at 03:58:02PM +0200, Boris Fiuczynski wrote: > On 7/1/25 10:46, Daniel P. Berrangé via Devel wrote: > > On Sun, Jun 29, 2025 at 11:19:30PM -0400, Collin Walling wrote: > > > From: Boris Fiuczynski > > > > > > Allow to define the default for deprecated_features when the attrib

Re: [PATCH v2 0/3] tls: Remove all traces of key encipherment usage

On a Tuesday in 2025, Peter Krempa via Devel wrote: v2: - [1/3] removed also GNUTLS_KEY_KEY_ENCIPHERMENT use in fallback code - [2/3 new] removed 'encryption_key' usage from kbase examples - [3/3 new] removed GNUTLS_KEY_KEY_ENCIPHERMENT use in testsuite Peter Krempa (3): tls: Don't require 'key

Re: [PATCH 00/10] Unify argument name of migration APIs

On a Thursday in 2025, Michal Privoznik via Devel wrote: Some of our APIs have 'bandwidth' argument but then, at internal impl level it's renamed to 'resource', inconsistently. Since it's really describing bandwidth that the migration can use, let's rename it. Michal Prívozník (10): src: Unify

Re: [PATCH 01/10] src: Unify argument name of virDomainMigratePrepare()

On a Thursday in 2025, Michal Privoznik via Devel wrote: From: Michal Privoznik The virDomainMigratePrepare() API declares its last argument as 'bandwidth', though throughout various typedefs, RPC and callback implementations the name is changed to 'resource'. This creates a confusing. Unify th

Re: [PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther

On Tue, Jul 01, 2025 at 10:59:06AM +0200, Peter Krempa wrote: > On Tue, Jul 01, 2025 at 09:49:57 +0100, Daniel P. Berrangé wrote: > > On Mon, Jun 30, 2025 at 07:25:05PM +0200, Peter Krempa via Devel wrote: > > > From: Peter Krempa > > > > > > Key encipherment is required only for RSA key exchange

Re: [PATCH] tests: validate an XML config with USB vendor/product set

On 6/26/25 10:47, Daniel P. Berrangé via Devel wrote: > From: Daniel P. Berrangé > > The USB vendor/product is usually translated into a device/bus at > startup using the hostdev logic. We don't run the latter in the > unit test suite, but we can fake it by hardcoding a translation. > This demons

[PATCH v2 0/3] tls: Remove all traces of key encipherment usage

v2: - [1/3] removed also GNUTLS_KEY_KEY_ENCIPHERMENT use in fallback code - [2/3 new] removed 'encryption_key' usage from kbase examples - [3/3 new] removed GNUTLS_KEY_KEY_ENCIPHERMENT use in testsuite Peter Krempa (3): tls: Don't require 'keyEncipherment' to be enabled altoghther kbase: tl

Re: [PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther

On Tue, Jul 01, 2025 at 09:49:57 +0100, Daniel P. Berrangé wrote: > On Mon, Jun 30, 2025 at 07:25:05PM +0200, Peter Krempa via Devel wrote: > > From: Peter Krempa > > > > Key encipherment is required only for RSA key exchange algorithm. With > > TLS 1.3 this is not even used as RSA is used only f

Re: [PATCH v5 5/5] qemu: add default_cpu_deprecated_features configuration option

On Sun, Jun 29, 2025 at 11:19:30PM -0400, Collin Walling wrote: > From: Boris Fiuczynski > > Allow to define the default for deprecated_features when the attribute > is not set in the cpu defintion of a domain XML. If these features are > still desired, they may be reenabled via the deprecated_fe

Re: [PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther

On Mon, Jun 30, 2025 at 07:25:05PM +0200, Peter Krempa via Devel wrote: > From: Peter Krempa > > Key encipherment is required only for RSA key exchange algorithm. With > TLS 1.3 this is not even used as RSA is used only for authentication. > > Since we can't really check when it's required ahead

Re: [PATCH v2 18/24] qapi/migration: Deprecate capabilities commands

On Tue, Jul 01, 2025 at 10:38:44 +0200, Jiri Denemark via Devel wrote: > On Mon, Jun 30, 2025 at 16:59:07 -0300, Fabiano Rosas wrote: > > The concept of capabilities is being merged into the concept of > > parameters. From now on, the commands that handle capabilities are > > deprecated in favor of

Re: [PATCH v2 18/24] qapi/migration: Deprecate capabilities commands

On Tue, Jul 01, 2025 at 10:38:44AM +0200, Jiri Denemark wrote: > On Mon, Jun 30, 2025 at 16:59:07 -0300, Fabiano Rosas wrote: > > The concept of capabilities is being merged into the concept of > > parameters. From now on, the commands that handle capabilities are > > deprecated in favor of the com

Release of libvirt-11.5.0

The 11.5.0 release of both libvirt and libvirt-python is tagged and signed tarballs are available at https://download.libvirt.org/ https://download.libvirt.org/python/ Thanks everybody who helped with this release by sending patches, reviewing, testing, or providing feedback. Your work is

Re: [PATCH v2 18/24] qapi/migration: Deprecate capabilities commands

On Mon, Jun 30, 2025 at 16:59:07 -0300, Fabiano Rosas wrote: > The concept of capabilities is being merged into the concept of > parameters. From now on, the commands that handle capabilities are > deprecated in favor of the commands that handle parameters. > > Affected commands: > > - migrate-se

Re: [PATCH v2 18/24] qapi/migration: Deprecate capabilities commands

Fabiano Rosas writes: > The concept of capabilities is being merged into the concept of > parameters. From now on, the commands that handle capabilities are > deprecated in favor of the commands that handle parameters. > > Affected commands: > > - migrate-set-capabilities > - query-migrate-capabi

Re: [PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther

On Tue, Jul 01, 2025 at 11:38:37AM +0100, Daniel P. Berrangé via Devel wrote: > On Tue, Jul 01, 2025 at 10:59:06AM +0200, Peter Krempa wrote: > > On Tue, Jul 01, 2025 at 09:49:57 +0100, Daniel P. Berrangé wrote: > > > On Mon, Jun 30, 2025 at 07:25:05PM +0200, Peter Krempa via Devel wrote: > > > > F

Re: [PATCH v5 5/5] qemu: add default_cpu_deprecated_features configuration option

On 7/1/25 10:46, Daniel P. Berrangé via Devel wrote: On Sun, Jun 29, 2025 at 11:19:30PM -0400, Collin Walling wrote: From: Boris Fiuczynski Allow to define the default for deprecated_features when the attribute is not set in the cpu defintion of a domain XML. If these features are still desire

Re: [PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther

On Tue, Jul 01, 2025 at 11:38:37 +0100, Daniel P. Berrangé wrote: > On Tue, Jul 01, 2025 at 10:59:06AM +0200, Peter Krempa wrote: > > On Tue, Jul 01, 2025 at 09:49:57 +0100, Daniel P. Berrangé wrote: > > > On Mon, Jun 30, 2025 at 07:25:05PM +0200, Peter Krempa via Devel wrote: > > > > From: Peter K

Re: [PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther

On Tue, Jul 01, 2025 at 01:13:36PM +0200, Peter Krempa wrote: > On Tue, Jul 01, 2025 at 11:38:37 +0100, Daniel P. Berrangé wrote: > > On Tue, Jul 01, 2025 at 10:59:06AM +0200, Peter Krempa wrote: > > > On Tue, Jul 01, 2025 at 09:49:57 +0100, Daniel P. Berrangé wrote: > > > > On Mon, Jun 30, 2025 at

[PATCH v2 1/3] tls: Don't require 'keyEncipherment' to be enabled altoghther

From: Peter Krempa Key encipherment is required only for RSA key exchange algorithm. With TLS 1.3 this is not even used as RSA is used only for authentication. Since we can't really check when it's required ahead of time drop the check completely. GnuTLS will moan if it will not be able to use R

[PATCH v2 3/3] tests: virnettls*test: Drop use of GNUTLS_KEY_KEY_ENCIPHERMENT

From: Peter Krempa It's not needed with TLS 1.3 any more. Signed-off-by: Peter Krempa --- tests/virnettlscontexttest.c | 36 ++-- tests/virnettlssessiontest.c | 14 +++--- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/tests/virnettlsco

[PATCH v2 2/3] kbase: tlscerts: Drop 'encryption_key' feature request

From: Peter Krempa As TLS 1.3 performs key exchange separately from the algorithm used to verify authenticity, the certificates for libvirt's use of TLS don't need to require the 'encryption_key' feature any more. Signed-off-by: Peter Krempa --- docs/kbase/tlscerts.rst | 2 -- 1 file changed,