In preparation for introducing TLS support to the TCP chardev
backend, convert existing chardev code from using GIOChannel
to QIOChannel. This simplifies the chardev code by removing
most of the OS platform conditional code for dealing with
file descriptor passing.
Signed-off-by: Daniel P
of helpers
Signed-off-by: Daniel P. Berrange
---
include/io/channel-unix.h | 50 +++
io/Makefile.objs | 1 +
io/channel-unix.c | 100 ++
3 files changed, 151 insertions(+)
create mode 100644 include/io/channel
telnet initialization
code into a memory buffer and then use an I/O watch to fully
send the data.
Signed-off-by: Daniel P. Berrange
---
qemu-char.c | 85 -
1 file changed, 67 insertions(+), 18 deletions(-)
diff --git a/qemu-char.c b/qemu
libraries, if desired.
Signed-off-by: Daniel P. Berrange
---
crypto/Makefile.objs | 1 +
crypto/tlssession.c| 546 +
include/crypto/tlssession.h| 313 +++
tests/.gitignore | 4 +
tests/Makefile
1,port=9000,tls-cred=tls0 \
-device isa-serial,chardev=s0 \
-object qcrypto-tls-cred,id=tls0,credtype=x509,\
endpoint=client,dir=/home/berrange/security/qemutls
Signed-off-by: Daniel P. Berrange
---
qapi-schema.json | 2 +
qemu-char.c | 182 ++
Add a QIOChannel subclass that is capable of operating on things
that are files, such as plain files, pipes, character/block
devices, but notably not sockets.
Signed-off-by: Daniel P. Berrange
---
include/io/channel-file.h | 67
io/Makefile.objs | 1 +
io/channel
Remove the direct use of gnutls for hash processing in the
websockets code, in favour of using the crypto APIs. This
allows the websockets code to be built unconditionally
removing countless conditional checks from the VNC code.
Signed-off-by: Daniel P. Berrange
---
configure| 19
API
docs inline provide an outline of how this is to be used.
In this series, the QIOTask class will be used for things like
the TLS handshake, the websockets handshake and TCP connect()
progress.
Signed-off-by: Daniel P. Berrange
---
include/io/task.h | 168
Switch the qcow/qcow2 block driver over to use the generic cipher
API, this allows it to use the pluggable AES implementations,
instead of being hardcoded to use QEMU's built-in impl.
Signed-off-by: Daniel P. Berrange
---
block/qcow.c
Add a QIOChannel subclass that can run the websocket protocol over
the top of another QIOChannel instance.
Signed-off-by: Daniel P. Berrange
---
include/io/channel-websock.h | 108 +
io/Makefile.objs | 1 +
io/channel-websock.c | 976
On Fri, Apr 17, 2015 at 04:55:26PM +0200, Paolo Bonzini wrote:
>
>
> On 17/04/2015 16:22, Daniel P. Berrange wrote:
> > +
> > +Object *object_new_proplist(const char *typename,
> > +const char *id,
> > +
On Fri, Apr 17, 2015 at 05:19:31PM +0200, Paolo Bonzini wrote:
>
>
> On 17/04/2015 17:11, Daniel P. Berrange wrote:
> > > On second thought (after seeing patch 7), please add a property type
> > > argument here. We lose introspection of enum property types otherwise.
On Fri, Apr 17, 2015 at 05:01:24PM +0200, Paolo Bonzini wrote:
>
>
> On 17/04/2015 16:56, Paolo Bonzini wrote:
> >
> >
> > On 17/04/2015 16:22, Daniel P. Berrange wrote:
> >> A QOM property can be parsed as enum using the visit_type_enum()
> >> help
On Fri, Apr 17, 2015 at 05:28:09PM +0200, Paolo Bonzini wrote:
>
>
> On 17/04/2015 16:22, Daniel P. Berrange wrote:
> > Implement a QIOChannel subclass that supports sockets I/O
> >
> > TBD check errno handling of windows port & fix watch impl
> >
If we are linking to gnutls already and gnutls is built against
nettle, then we should use nettle as a cipher backend in
preference to our built-in backend.
This will be used when linking against some GNUTLS 2.x versions
and all GNUTLS 3.x versions.
Signed-off-by: Daniel P. Berrange
On Fri, Apr 17, 2015 at 05:16:26PM +0200, Paolo Bonzini wrote:
>
>
> On 17/04/2015 16:22, Daniel P. Berrange wrote:
> > A number of I/O operations need to be performed asynchronously
> > to avoid blocking the main loop. The caller of such APIs need
> > to provide
for the "benefit" of RFB, so call the new
files desrfb.c instead of d3des.c to make it clear that
it isn't a generally useful impl.
Signed-off-by: Daniel P. Berrange
---
crypto/Makefile.objs | 1 +
ui/d3des.c => crypto/desrfb.c | 2 +-
ui/d3des.h => in
If we are linking to gnutls already and gnutls is built against
gcrypt, then we should use gcrypt as a cipher backend in
preference to our built-in backend.
This will be used when linking against GNUTLS 1.x and many
GNUTLS 2.x versions.
Signed-off-by: Daniel P. Berrange
---
configure
The Buffer code in the VNC server is useful for the IO channel
code, so pull it out into a shared module, QIOBuffer.
Signed-off-by: Daniel P. Berrange
---
include/io/buffer.h | 118
io/Makefile.objs| 1 +
io/buffer.c | 65
The minimal first step conversion to use QEMUIOChannelSocket
classes instead of directly using POSIX sockets API. This
will later be extended to also cover the TLS, SASL and
websockets code.
Signed-off-by: Daniel P. Berrange
---
ui/vnc-auth-sasl.c | 39 ++--
ui/vnc-auth-vencrypt.c | 45
On Fri, Apr 17, 2015 at 05:57:24PM +0200, Paolo Bonzini wrote:
>
>
> On 17/04/2015 17:49, Daniel P. Berrange wrote:
> > > In this case I even think you're leaking the task. You do object_ref
> > > twice (once at creation time, once before qio_channel_add_wat
On Fri, Apr 17, 2015 at 07:06:04PM +0200, Paolo Bonzini wrote:
>
>
> On 17/04/2015 18:11, Daniel P. Berrange wrote:
> >
> > +task = qio_task_new(OBJECT(ioc),
> > +func, opaque, destroy);
> > +
> > +q
On Fri, Apr 17, 2015 at 04:53:02PM +0800, Chen Fan wrote:
> backgrond:
> Live migration is one of the most important features of virtualization
> technology.
> With regard to recent virtualization techniques, performance of network I/O
> is critical.
> Current network I/O virtualization (e.g. Par
On Wed, Apr 22, 2015 at 10:23:04AM +0100, Daniel P. Berrange wrote:
> On Fri, Apr 17, 2015 at 04:53:02PM +0800, Chen Fan wrote:
> > backgrond:
> > Live migration is one of the most important features of virtualization
> > technology.
> > With regard to recen
On Wed, Apr 22, 2015 at 06:01:56PM +0100, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrange (berra...@redhat.com) wrote:
> > On Fri, Apr 17, 2015 at 04:53:02PM +0800, Chen Fan wrote:
> > > backgrond:
> > > Live migration is one of the most important features of virtu
On Wed, Apr 22, 2015 at 06:12:25PM +0100, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrange (berra...@redhat.com) wrote:
> > On Wed, Apr 22, 2015 at 06:01:56PM +0100, Dr. David Alan Gilbert wrote:
> > > * Daniel P. Berrange (berra...@redhat.com) wrote:
> > > > On F
On Mon, Apr 20, 2015 at 09:18:49AM +0200, Gerd Hoffmann wrote:
> On Fr, 2015-04-17 at 15:22 +0100, Daniel P. Berrange wrote:
> > Implement a QIOChannel subclass that supports sockets I/O
> >
> > TBD check errno handling of windows port & fix watch impl
>
On Fri, Apr 17, 2015 at 12:27:06PM -0600, Eric Blake wrote:
> On 04/17/2015 08:22 AM, Daniel P. Berrange wrote:
> > This integrates support for QIOChannelTLS object in the TCP
> > chardev backend. If the 'tls-cred=NAME' option is passed with
> > the '-chardev t
On Mon, Apr 27, 2015 at 12:44:52PM +0300, Michael Tokarev wrote:
> Currently we link individual object files from libcacard
> to qemu-system binaries, this way (from Makefile.objs):
>
> libcacard-y += libcacard/cac.o libcacard/event.o
> libcacard-y += libcacard/vcard.o libcacard/vreader.o
> ...
>
On Thu, May 14, 2015 at 12:12:52PM +0100, Stefano Stabellini wrote:
> On Wed, 13 May 2015, John Snow wrote:
> > On 05/13/2015 02:15 PM, Stefano Stabellini wrote:
> > > On Wed, 13 May 2015, Daniel P. Berrange wrote:
> > >> On Wed, May 13, 2015 at 06:29:46PM +
On Thu, May 14, 2015 at 02:45:30PM +0200, Markus Armbruster wrote:
> Paolo Bonzini writes:
>
> > On 14/05/2015 14:02, Markus Armbruster wrote:
> >> It should certainly be off for pc-q35-2.4 and newer. Real Q35 boards
> >> commonly don't have an FDC (depends on the Super I/O chip used).
> >>
On Thu, May 14, 2015 at 03:25:39PM +0200, Sander Eikelenboom wrote:
>
> Thursday, May 14, 2015, 2:53:17 PM, you wrote:
>
>
>
> > On 14/05/2015 14:45, Markus Armbruster wrote:
> >> Paolo Bonzini writes:
> >>
> >>> On 14/05/2015 14:02, Markus Armbruster wrote:
> It should certainly be of
On Wed, May 13, 2015 at 02:14:53PM +0200, Martin Cerveny wrote:
> Add network syntax parsing (ip address, port) to qom-* scripts.
>
> Signed-off-by: Martin Cerveny
> ---
> scripts/qmp/qom-fuse | 13 -
> scripts/qmp/qom-get | 12 +++-
> scripts/qmp/qom-list | 12 +++
On Tue, May 19, 2015 at 10:15:17AM -0400, Laine Stump wrote:
> On 05/19/2015 05:07 AM, Michael S. Tsirkin wrote:
> > On Wed, Apr 22, 2015 at 10:23:04AM +0100, Daniel P. Berrange wrote:
> >> On Fri, Apr 17, 2015 at 04:53:02PM +0800, Chen Fan wrote:
> >>> backgrond:
On Tue, May 19, 2015 at 04:03:04PM +0100, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrange (berra...@redhat.com) wrote:
> > On Tue, May 19, 2015 at 10:15:17AM -0400, Laine Stump wrote:
> > > On 05/19/2015 05:07 AM, Michael S. Tsirkin wrote:
> > > > On Wed, Ap
On Tue, May 19, 2015 at 05:39:05PM +0200, Michael S. Tsirkin wrote:
> On Tue, May 19, 2015 at 04:35:08PM +0100, Daniel P. Berrange wrote:
> > On Tue, May 19, 2015 at 04:03:04PM +0100, Dr. David Alan Gilbert wrote:
> > > * Daniel P. Berrange (berra...@redhat.com) wrote:
> >
On Tue, May 19, 2015 at 05:52:14PM +0200, Andreas Färber wrote:
> Am 13.05.2015 um 18:14 schrieb Daniel P. Berrange:
> > +Object *object_new_with_propv(const char *typename,
> > + Object *parent,
> > +
On Tue, May 19, 2015 at 06:08:10PM +0200, Michael S. Tsirkin wrote:
> On Tue, May 19, 2015 at 04:45:03PM +0100, Daniel P. Berrange wrote:
> > On Tue, May 19, 2015 at 05:39:05PM +0200, Michael S. Tsirkin wrote:
> > > On Tue, May 19, 2015 at 04:35:08PM +0100, Daniel P. Berrange wro
houghts? Thanks.
Actually, libvirt uses UTC for logging almost exclusively for quite a
while, because AFAIK, there is no async signal safe way to convert to
localtime in POSIX / glibc
commit 3ec128989606278635a7c5dfbeee959692d12e15
Author: Daniel P. Berrange
Date: Tue Nov 29 12:11:01 2011 +
Ad
from the output data.
Signed-off-by: Daniel P. Berrange
---
tests/qemu-iotests/131.out | 4
tests/qemu-iotests/common.filter | 3 ++-
2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/tests/qemu-iotests/131.out b/tests/qemu-iotests/131.out
index 4eedb35..7141e4f 100644
--- a/te
On Wed, May 20, 2015 at 05:05:51PM +0200, Kevin Wolf wrote:
> Am 20.05.2015 um 13:45 hat Daniel P. Berrange geschrieben:
> > qemu-io prints a warning message
> >
> > "Disk image
> > '/home/berrange/src/virt/qemu/tests/qemu-iotests/scratch/t.qcow2' is
On Wed, May 20, 2015 at 11:44:19AM -0300, Eduardo Habkost wrote:
> On Tue, May 19, 2015 at 06:11:05PM +0200, Paolo Bonzini wrote:
> > On 19/05/2015 17:55, Daniel P. Berrange wrote:
> > > Paolo told me on previous posting that object_property_add_child()
> > > holds a ref
e to strip the local path.
Signed-off-by: Daniel P. Berrange
---
tests/qemu-iotests/131 | 8
tests/qemu-iotests/131.out | 8
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/tests/qemu-iotests/131 b/tests/qemu-iotests/131
index f44b0a0..c45b165 100755
--- a/te
On Wed, May 20, 2015 at 01:06:21PM -0300, Eduardo Habkost wrote:
> On Wed, May 20, 2015 at 04:18:03PM +0100, Daniel P. Berrange wrote:
> > On Wed, May 20, 2015 at 11:44:19AM -0300, Eduardo Habkost wrote:
> > > On Tue, May 19, 2015 at 06:11:05PM +0200, Paolo Bonzini wrote:
> &
x27;t clear if anyone else on the
existing QEMU maintainer list had any interest / knowledge
in maintaining the crypto related pieces.
Daniel P. Berrange (10):
crypto: introduce new module for computing hash digests
crypto: move built-in AES implementation into crypto/
crypto: move built-in D3D
To prepare for a generic internal cipher API, move the
built-in AES implementation into the crypto/ directory
Signed-off-by: Daniel P. Berrange
---
block/qcow.c | 2 +-
block/qcow2.c | 1 -
block/qcow2.h | 2 +-
crypto/Makefile.objs
for the "benefit" of RFB, so call the new
files desrfb.c instead of d3des.c to make it clear that
it isn't a generally useful impl.
Signed-off-by: Daniel P. Berrange
---
crypto/Makefile.objs | 1 +
ui/d3des.c => crypto/desrfb.c | 2 +-
ui/d3des.h => in
If we are linking to gnutls already and gnutls is built against
nettle, then we should use nettle as a cipher backend in
preference to our built-in backend.
This will be used when linking against some GNUTLS 2.x versions
and all GNUTLS 3.x versions.
Signed-off-by: Daniel P. Berrange
Switch the VNC server over to use the generic cipher API, this
allows it to use the pluggable DES implementations, instead of
being hardcoded to use QEMU's built-in impl.
Signed-off-by: Daniel P. Berrange
---
ui/vnc.c | 52 +---
1 file change
hash.
Signed-off-by: Daniel P. Berrange
---
MAINTAINERS | 7 ++
Makefile.objs| 1 +
configure| 46 +++
crypto/Makefile.objs | 2 +
crypto/hash.c| 202 +
crypto/init.c| 62
Introduce a generic cipher API and an implementation of it that
supports only the built-in AES and DES-RFB algorithms.
The test suite checks the supported algorithms + modes to
validate that every backend implementation is actually correctly
complying with the specs.
Signed-off-by: Daniel P
If we are linking to gnutls already and gnutls is built against
gcrypt, then we should use gcrypt as a cipher backend in
preference to our built-in backend.
This will be used when linking against GNUTLS 1.x and many
GNUTLS 2.x versions.
Signed-off-by: Daniel P. Berrange
---
configure
ff-by: Daniel P. Berrange
---
block/Makefile.objs | 2 +-
block/quorum.c | 38 +++---
configure | 39 ---
3 files changed, 20 insertions(+), 59 deletions(-)
diff --git a/block/Makefile.objs b/block/Makefile.objs
index 0d
Remove the direct use of gnutls for hash processing in the
websockets code, in favour of using the crypto APIs. This
allows the websockets code to be built unconditionally
removing countless conditional checks from the VNC code.
Signed-off-by: Daniel P. Berrange
---
configure| 19
Switch the qcow/qcow2 block driver over to use the generic cipher
API, this allows it to use the pluggable AES implementations,
instead of being hardcoded to use QEMU's built-in impl.
Signed-off-by: Daniel P. Berrange
---
block/qcow.c
ell
> > Cc: Eduardo Habkost
> > Cc: Paolo Bonzini
> > Cc: Daniel P. Berrange
> >
> > The following changes since commit faa261a7fb254866bdd5b6a25ad94677945f21b4:
> >
> > Merge remote-tracking branch 'remotes/pmaydell/tags/pull-cocoa-20150519'
>
On Thu, May 21, 2015 at 12:38:01PM -0700, Richard Henderson wrote:
> On 05/21/2015 03:56 AM, Daniel P. Berrange wrote:
> > +static uint8_t *qcrypto_cipher_munge_des_rfb_key(const uint8_t *key,
> > + size_t nkey)
> > +{
> >
On Thu, May 21, 2015 at 12:52:43PM -0700, Richard Henderson wrote:
> On 05/21/2015 03:56 AM, Daniel P. Berrange wrote:
> > +QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
> > + QCryptoCipherMode mode,
> > +
On Thu, May 21, 2015 at 03:51:43PM +0200, Paolo Bonzini wrote:
> Some of you may have heard about the "Clear Containers" initiative from
> Intel, which couple KVM with various kernel tricks to create extremely
> lightweight virtual machines. The experimental Clear Containers setup
> requires only
On Fri, May 22, 2015 at 12:04:54PM +0100, Peter Maydell wrote:
> On 22 May 2015 at 12:01, Daniel P. Berrange wrote:
> > On the QEMU side of things I wonder if there is scope for taking AArch64's
> > 'virt' machine type concept and duplicating it on all architectures.
On Fri, May 22, 2015 at 12:21:27PM +0100, Peter Maydell wrote:
> On 22 May 2015 at 12:12, Daniel P. Berrange wrote:
> > Yep, it is hard saying no - but I'd think as long as it was possible to add
> > the extra features using -device, it ought to be practical to keep a &quo
On Fri, May 22, 2015 at 07:29:05PM +0800, Gonglei wrote:
> On 2015/5/21 18:56, Daniel P. Berrange wrote:
> > This small series covers the crypto consolidation patches
> > I previously posted as part of a larger RFC for the TLS work
> >
> > https://lists.nongnu.org/a
On Fri, May 22, 2015 at 07:50:03PM +0800, Gonglei wrote:
> On 2015/5/22 19:37, Daniel P. Berrange wrote:
> > On Fri, May 22, 2015 at 07:29:05PM +0800, Gonglei wrote:
> >> On 2015/5/21 18:56, Daniel P. Berrange wrote:
> >>> This small series covers the crypto
On Tue, May 26, 2015 at 02:51:45PM +0200, Gerd Hoffmann wrote:
> Hi,
>
> > >> +#
> > >> +# Set the spice/vnc connection info for the migration target. The
> > >> +# spice/vnc server will ask the spice/vnc client to automatically
> > >> +# reconnect using the new parameters (if specified) once t
On Tue, May 26, 2015 at 04:29:51PM +0200, Markus Armbruster wrote:
> Stefan Hajnoczi writes:
>
> > On Fri, May 22, 2015 at 09:22:19PM +0200, Thomas Huth wrote:
> >> So far, it is not possible to use the network dump interface
> >> with the "-netdev" option yet, it only works with the legacy
> >>
On Wed, May 27, 2015 at 01:19:06PM +0200, Markus Armbruster wrote:
> Gerd Hoffmann writes:
>
> > This patch adds the two extra brazilian keys to the evdev keymap for
> > X11. This patch gets the two keys going with the gtk and sdl1 UIs.
> >
> > With vnc (remote-viewer) only one of the two works
On Tue, May 26, 2015 at 03:58:05PM +0200, Gerd Hoffmann wrote:
> This patch adds the two extra brazilian keys to the evdev keymap for
> X11. This patch gets the two keys going with the gtk and sdl1 UIs.
>
> With vnc (remote-viewer) only one of the two works correctly.
> Probably a client-side iss
The 'policy' property was being registered with a typename of
'str', but it is in fact an enum of the 'HostMemPolicy' type.
Signed-off-by: Daniel P. Berrange
---
backends/hostmem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backends/hostme
Add object_get_objects_root() method which is a convience for
obtaining the Object * located at /objects in the object
composition tree. Convert existing code over to use the new
API where appropriate.
Signed-off-by: Daniel P. Berrange
---
include/qom/object.h | 12
iothread.c
either the string elements, nor the array itself should
ever be modified.
Signed-off-by: Daniel P. Berrange
---
include/hw/qdev-core.h | 2 +-
include/qapi/util.h | 2 +-
include/qapi/visitor-impl.h | 6 +++---
include/qapi/visitor.h | 2 +-
include/qom/object.h| 2 +-
qapi/qa
delay
creation of those few which have an explicit dependency on the
chardevs. Hopefully the set which need delaying will remain small
over time.
Signed-off-by: Daniel P. Berrange
---
vl.c | 40 +++-
1 file changed, 39 insertions(+), 1 deletion(-)
diff --git a
-off-by: Daniel P. Berrange
---
qemu-options.hx | 70 -
1 file changed, 54 insertions(+), 16 deletions(-)
diff --git a/qemu-options.hx b/qemu-options.hx
index ec356f6..00ae287 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3421,22
tead of "char *path" paremeter
- Rely on stable reference from parent to keep new object alive
- Use object_unparent() where appropriate
Daniel P. Berrange (8):
backends: fix typename of 'policy' enum property in hostmem obj
doc: document user creatable object types in help
e there is no need to check the range of 'value' in
the setter, because the string->enum conversion code will
have already done that and reported an error as required.
Signed-off-by: Daniel P. Berrange
---
include/qom/object.h | 19
qom/object.c
NULL);
Note all property values are passed in string form and will
be parsed into their required data types, using normal QOM
semantics for parsing from string format.
Signed-off-by: Daniel P. Berrange
---
include/qemu/compiler.h| 6 ++
incl
to use the new enum property registration
code, which simplifies it somewhat.
Signed-off-by: Daniel P. Berrange
---
backends/hostmem.c | 22 --
include/qom/object.h | 4 ++--
numa.c | 2 +-
qom/object.c | 19
On Thu, May 28, 2015 at 08:24:04AM +0200, Gerd Hoffmann wrote:
> Hi,
>
> > For EVDEV_KPCOMMA it maps to XT KBD code 126 (0x7e in decimal) which
> > does not match your patch. I'm not sure where I got that mapping
> > from originally - probably from the Linux kernel's XT <-> evdev
> > keymapping
> This patch does just that. With this patch applied you can send those
> two keys to the guest using the send-key monitor command.
>
> Signed-off-by: Gerd Hoffmann
Reviewed-by: Daniel P. Berrange
Regards,
Daniel
--
|: http://berrange.com -o-http://www.flickr.com/photos/
SDL2
> library must be fixed before we can update ui/sdl2-keymap.h
>
> Signed-off-by: Gerd Hoffmann
Reviewed-by: Daniel P. Berrange
Regards,
Daniel
--
|: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o-
On Wed, May 27, 2015 at 08:16:01PM +0200, Andreas Färber wrote:
> Am 21.05.2015 um 13:53 schrieb Daniel P. Berrange:
> > On Thu, May 21, 2015 at 12:18:30PM +0100, Peter Maydell wrote:
> >> On 20 May 2015 at 16:51, Andreas Färber wrote:
> >>> Hello Peter,
> >>
On Fri, May 29, 2015 at 02:57:12PM +0100, Peter Maydell wrote:
> On 29 May 2015 at 14:51, Daniel P. Berrange wrote:
> > Since that caused failure with glib 2.22 could you revert that switch
> > to g_assert_null/nonnull.
>
> BTW, David Gilbert is looking at whether we can
On Tue, Mar 03, 2015 at 04:24:15PM +0100, Paolo Bonzini wrote:
> This provides g_ptr_array_new_with_free_func, as well as a few
> other functions that we've been hacking around in glib-compat.h.
> Cleaning up the compatibility headers will come later.
>
> Signed-off-by: Paolo Bonzini
> ---
> con
On Wed, Feb 04, 2015 at 11:32:29AM +, Daniel P. Berrange wrote:
> In QEMU there are a number of features which involve communication with an
> external system over an I/O channel of some form. The features include
> migration, NBD, VNC and character devices. The I/O channel in quest
low multiple servers
caused a regression by turning 'x509verify' into a boolean
parameter instead. This breaks setup from libvirt and is not
consistent with the docs.
Signed-off-by: Daniel P. Berrange
---
ui/vnc.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --g
On Tue, Mar 10, 2015 at 06:26:38PM +0100, Markus Armbruster wrote:
> RFC because the series only covers open [PATCH 1], but not create.
> Also missing: make qemu-img print a warning when it creates an
> encrypted image. Finally, some of the material in the cover letter
> should be worked into the
On Tue, Mar 10, 2015 at 06:26:39PM +0100, Markus Armbruster wrote:
> Signed-off-by: Markus Armbruster
> ---
> block/qcow.c | 5 +
> block/qcow2.c | 5 +
> include/block/block.h | 3 +--
> qemu-img.c| 1 +
> 4 files changed, 12 insertions(+), 2 deletions(-)
>
On Wed, Mar 11, 2015 at 09:48:46AM +0800, Gonglei wrote:
> On 2015/3/11 0:27, Daniel P. Berrange wrote:
> > The 'x509verify' parameter is documented as taking a path to the
> > x509 certificates, ie the same syntax as the 'x509' parameter.
> >
> >
On Wed, Mar 11, 2015 at 07:07:49PM +0800, Gonglei wrote:
> On 2015/3/11 17:45, Daniel P. Berrange wrote:
> > On Wed, Mar 11, 2015 at 09:48:46AM +0800, Gonglei wrote:
> >> On 2015/3/11 0:27, Daniel P. Berrange wrote:
> >>> The 'x509verify' parameter is docum
On Wed, Mar 11, 2015 at 07:24:58PM +0800, Gonglei wrote:
> On 2015/3/11 19:10, Daniel P. Berrange wrote:
> > On Wed, Mar 11, 2015 at 07:07:49PM +0800, Gonglei wrote:
> >> On 2015/3/11 17:45, Daniel P. Berrange wrote:
> >>> On Wed, Mar 11, 2015 at 09:48:46AM +0800, G
On Wed, Mar 11, 2015 at 09:55:16AM +0100, Markus Armbruster wrote:
> "Daniel P. Berrange" writes:
>
> > On Tue, Mar 10, 2015 at 06:26:38PM +0100, Markus Armbruster wrote:
> >> RFC because the series only covers open [PATCH 1], but not create.
> >> Also mis
need to support both "models" of CPU, so changing
based on machine type is inappropriate in this scenario.
Reviewed-by: Daniel P. Berrange
Regards,
Daniel
--
|: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o-
On Fri, Mar 13, 2015 at 04:09:57PM -0300, Eduardo Habkost wrote:
> With the Intel microcode update that removed HLE and RTM, there will be
> different kinds of Haswell and Broadwell CPUs out there: some that still
> have the HLE and RTM features, and some that don't have the HLE and RTM
> features.
": "DeviceEncrypted", "desc": "'foo' (geheim.qcow2) is
> encrypted"}}
> {"execute":"device_del","arguments": { "id": "bar" } }
> {"timestamp": {"seconds": 1
This is a small series of fixes for the VNC server, the most significant
of which is the last one affecting websockets + TLS integration. These
prepare the way for work I'm doing to refactor TLS handling into a module
that is reusable across QEMU.
Daniel P. Berrange (3):
ui: remove u
ant to
prepare for future the refactoring work on TLS work, which will
ensure identical code paths are taken for TLS handshakes in both
websockets and non-websockets scenarios.
Signed-off-by: Daniel P. Berrange
---
ui/vnc-tls.c | 70 +---
ui/v
Handling of VNC audio messages results in printfs to the console.
This is of no use to anyone in production, so should be using the
normal VNC_DEBUG macro instead.
Signed-off-by: Daniel P. Berrange
---
ui/vnc.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/ui
Signed-off-by: Daniel P. Berrange
---
ui/vnc-auth-vencrypt.c | 1 -
ui/vnc-tls.c | 2 --
ui/vnc-tls.h | 7 ---
ui/vnc-ws.c| 1 -
4 files changed, 11 deletions(-)
diff --git a/ui/vnc-auth-vencrypt.c b/ui/vnc-auth-vencrypt.c
index bc7032e..a420ccb 100644
--- a
On Mon, Mar 16, 2015 at 01:17:16PM +, Alex Bennée wrote:
>
> Daniel P. Berrange writes:
>
> > The way the websockets TLS code was integrated into the VNC server
> > made it insecure and essentially useless. The only time that the
> > websockets TLS support coul
On Fri, Mar 13, 2015 at 04:43:54PM -0400, Programmingkid wrote:
>
> On Mar 13, 2015, at 1:31 PM, Paolo Bonzini wrote:
>
> >
> >
> > On 13/03/2015 15:48, Programmingkid wrote:
> >>
> >> On Mar 13, 2015, at 5:51 AM, Peter Maydell wrote:
> >>
> >>> On 13 March 2015 at 04:35, Programmingkid
> >
On Tue, Mar 17, 2015 at 08:36:40AM +0100, Gerd Hoffmann wrote:
> Hi,
>
> > - Separate VNC auth scheme is tracked for websockets server,
> >since it makes no sense to try to use VeNCrypt over a TLS
> >enabled websockets connection.
>
> Hmm. That is a problem for the QAPI, the auth sche
601 - 700 of 6827 matches
Mail list logo
