From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Richard Henderson <richard.henderson@linaro.org>
Cc: lvivier@redhat.com, qemu-devel@nongnu.org, armbru@redhat.com
Subject: Re: [Qemu-devel] [PATCH v7 01/24] build: Link user-only with crypto-rng-obj-y
Date: Wed, 15 May 2019 17:53:28 +0100 [thread overview]
Message-ID: <20190515165328.GK4751@redhat.com> (raw)
In-Reply-To: <20190514191653.31488-2-richard.henderson@linaro.org>
On Tue, May 14, 2019 at 12:16:30PM -0700, Richard Henderson wrote:
> For user-only, we require only the random number bits of the
> crypto subsystem.
>
> We need to preserve --static linking, which for many recent Linux
> distributions precludes using GnuTLS or GCrypt. Instead, use our
> random-platform module unconditionally.
I don't think we need to special case in this way.
Today if you do a default build with all targets & tools and want
to use --static, but don't have static libs available for some
things you can achieve that
./configure --static --disable-gnutls --disable-gcrypt --disable-nettle
Previously if you took care to disable system emulators & tools
you could avoid the need to pass the --disable-* args, but I
think that's fairly minor.
So I think we should just use $(crypto-obj-y) unconditionally in
the user emulators, and get rid of crypto-aes-obj-y too.
This will give a consistent crypto story across all the things we
build with no special cases.
If people want a minimal static build they can stsill pass the
above --disable-XXX args which will result in them only using
the aes.o and rng-platform.o pieces.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> Makefile | 6 ++++--
> Makefile.objs | 1 +
> Makefile.target | 3 ++-
> crypto/Makefile.objs | 1 +
> 4 files changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/Makefile b/Makefile
> index 66d5c65156..524f2f8a57 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -411,6 +411,7 @@ dummy := $(call unnest-vars,, \
> block-obj-m \
> crypto-obj-y \
> crypto-aes-obj-y \
> + crypto-rng-obj-y \
> qom-obj-y \
> io-obj-y \
> common-obj-y \
> @@ -482,8 +483,9 @@ subdir-capstone: .git-submodule-status
> subdir-slirp: .git-submodule-status
> $(call quiet-command,$(MAKE) -C $(SRC_PATH)/slirp BUILD_DIR="$(BUILD_DIR)/slirp" CC="$(CC)" AR="$(AR)" LD="$(LD)" RANLIB="$(RANLIB)" CFLAGS="$(QEMU_CFLAGS) $(CFLAGS)" LDFLAGS="$(LDFLAGS)")
>
> -$(SUBDIR_RULES): libqemuutil.a $(common-obj-y) $(chardev-obj-y) \
> - $(qom-obj-y) $(crypto-aes-obj-$(CONFIG_USER_ONLY))
> +$(SUBDIR_RULES): libqemuutil.a $(common-obj-y) $(chardev-obj-y) $(qom-obj-y) \
> + $(crypto-aes-obj-$(CONFIG_USER_ONLY)) \
> + $(crypto-rng-obj-$(CONFIG_USER_ONLY))
>
> ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))
> # Only keep -O and -g cflags
> diff --git a/Makefile.objs b/Makefile.objs
> index cf065de5ed..0c13ff47ea 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -26,6 +26,7 @@ block-obj-m = block/
>
> crypto-obj-y = crypto/
> crypto-aes-obj-y = crypto/
> +crypto-rng-obj-y = crypto/
>
> #######################################################################
> # qom-obj-y is code used by both qemu system emulation and qemu-img
> diff --git a/Makefile.target b/Makefile.target
> index ae02495951..4e579a0a84 100644
> --- a/Makefile.target
> +++ b/Makefile.target
> @@ -181,6 +181,7 @@ dummy := $(call unnest-vars,.., \
> chardev-obj-y \
> crypto-obj-y \
> crypto-aes-obj-y \
> + crypto-rng-obj-y \
> qom-obj-y \
> io-obj-y \
> common-obj-y \
> @@ -189,7 +190,7 @@ all-obj-y += $(common-obj-y)
> all-obj-y += $(qom-obj-y)
> all-obj-$(CONFIG_SOFTMMU) += $(authz-obj-y)
> all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y) $(chardev-obj-y)
> -all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y)
> +all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y) $(crypto-rng-obj-y)
> all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y)
> all-obj-$(CONFIG_SOFTMMU) += $(io-obj-y)
>
> diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
> index 256c9aca1f..ee7e628ca6 100644
> --- a/crypto/Makefile.objs
> +++ b/crypto/Makefile.objs
> @@ -37,5 +37,6 @@ crypto-obj-y += block-luks.o
>
> # Let the userspace emulators avoid linking gnutls/etc
> crypto-aes-obj-y = aes.o
> +crypto-rng-obj-y = random-platform.o
>
> stub-obj-y += pbkdf-stub.o
> --
> 2.17.1
>
>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2019-05-15 16:54 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-14 19:16 [Qemu-devel] [PATCH v7 00/24] Add qemu_getrandom and ARMv8.5-RNG etc Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 01/24] build: Link user-only with crypto-rng-obj-y Richard Henderson
2019-05-15 16:42 ` Laurent Vivier
2019-05-15 16:51 ` Richard Henderson
2019-05-15 16:53 ` Daniel P. Berrangé [this message]
2019-05-15 17:22 ` Richard Henderson
2019-05-15 17:49 ` Daniel P. Berrangé
2019-05-15 19:38 ` Laurent Vivier
2019-05-15 20:15 ` Daniel P. Berrangé
2019-05-16 14:48 ` Richard Henderson
2019-05-16 14:55 ` Daniel P. Berrangé
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 02/24] crypto: Reverse code blocks in random-platform.c Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 03/24] crypto: Do not fail for EINTR during qcrypto_random_bytes Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 04/24] crypto: Use O_CLOEXEC in qcrypto_random_init Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 05/24] crypto: Use getrandom for qcrypto_random_bytes Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 06/24] crypto: Change the qcrypto_random_bytes buffer type to void* Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 07/24] ui/vnc: Split out authentication_failed Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 08/24] ui/vnc: Use gcrypto_random_bytes for start_auth_vnc Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 09/24] util: Add qemu_guest_getrandom and associated routines Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 10/24] cpus: Initialize pseudo-random seeds for all guest cpus Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 11/24] linux-user: " Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 12/24] linux-user: Call qcrypto_random_init if not using -seed Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 13/24] linux-user: Use qemu_guest_getrandom_nofail for AT_RANDOM Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 14/24] linux-user/aarch64: Use qemu_guest_getrandom for PAUTH keys Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 15/24] linux-user: Remove srand call Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 16/24] aspeed/scu: Use qemu_guest_getrandom_nofail Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 17/24] hw/misc/nrf51_rng: " Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 18/24] hw/misc/bcm2835_rng: " Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 19/24] hw/misc/exynos4210_rng: Use qemu_guest_getrandom Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 20/24] target/arm: Put all PAC keys into a structure Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 21/24] target/arm: Implement ARMv8.5-RNG Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 22/24] target/ppc: Use qemu_guest_getrandom for DARN Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 23/24] target/ppc: Use gen_io_start/end around DARN Richard Henderson
2019-05-14 19:16 ` [Qemu-devel] [PATCH v7 24/24] target/i386: Implement CPUID_EXT_RDRAND Richard Henderson
2019-05-15 6:49 ` [Qemu-devel] [PATCH v7 00/24] Add qemu_getrandom and ARMv8.5-RNG etc Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190515165328.GK4751@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=lvivier@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.