From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Kevin Wolf" <kwolf@redhat.com>, "Thomas Huth" <thuth@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
qemu-block@nongnu.org, libvir-list@redhat.com,
"Max Reitz" <mreitz@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@redhat.com>
Subject: [PULL 06/13] Prefer 'on' | 'off' over 'yes' | 'no' for bool options
Date: Fri, 29 Jan 2021 17:10:55 +0000 [thread overview]
Message-ID: <20210129171102.4109641-7-berrange@redhat.com> (raw)
In-Reply-To: <20210129171102.4109641-1-berrange@redhat.com>
Update some docs and test cases to use 'on' | 'off' as the preferred
value for bool options.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
docs/system/vnc-security.rst | 10 +++++-----
include/authz/listfile.h | 2 +-
qemu-options.hx | 4 ++--
tests/qemu-iotests/233 | 4 ++--
4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/docs/system/vnc-security.rst b/docs/system/vnc-security.rst
index 558e4faffc..ebca656d87 100644
--- a/docs/system/vnc-security.rst
+++ b/docs/system/vnc-security.rst
@@ -65,7 +65,7 @@ encrypted session.
.. parsed-literal::
|qemu_system| [...OPTIONS...] \
- -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=no \
+ -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=off \
-vnc :1,tls-creds=tls0 -monitor stdio
In the above example ``/etc/pki/qemu`` should contain at least three
@@ -84,12 +84,12 @@ connecting. The server will request that the client provide a
certificate, which it will then validate against the CA certificate.
This is a good choice if deploying in an environment with a private
internal certificate authority. It uses the same syntax as previously,
-but with ``verify-peer`` set to ``yes`` instead.
+but with ``verify-peer`` set to ``on`` instead.
.. parsed-literal::
|qemu_system| [...OPTIONS...] \
- -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \
+ -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
-vnc :1,tls-creds=tls0 -monitor stdio
.. _vnc_005fsec_005fcertificate_005fpw:
@@ -103,7 +103,7 @@ authentication to provide two layers of authentication for clients.
.. parsed-literal::
|qemu_system| [...OPTIONS...] \
- -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \
+ -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
-vnc :1,tls-creds=tls0,password -monitor stdio
(qemu) change vnc password
Password: ********
@@ -145,7 +145,7 @@ x509 options:
.. parsed-literal::
|qemu_system| [...OPTIONS...] \
- -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \
+ -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
-vnc :1,tls-creds=tls0,sasl -monitor stdio
.. _vnc_005fsetup_005fsasl:
diff --git a/include/authz/listfile.h b/include/authz/listfile.h
index 0a1e5bddd3..0b7fe72198 100644
--- a/include/authz/listfile.h
+++ b/include/authz/listfile.h
@@ -73,7 +73,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(QAuthZListFile,
* The object can be created on the command line using
*
* -object authz-list-file,id=authz0,\
- * filename=/etc/qemu/myvm-vnc.acl,refresh=yes
+ * filename=/etc/qemu/myvm-vnc.acl,refresh=on
*
*/
struct QAuthZListFile {
diff --git a/qemu-options.hx b/qemu-options.hx
index 9172d51659..d0410f0512 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -5027,7 +5027,7 @@ SRST
Note the use of quotes due to the x509 distinguished name
containing whitespace, and escaping of ','.
- ``-object authz-listfile,id=id,filename=path,refresh=yes|no``
+ ``-object authz-listfile,id=id,filename=path,refresh=on|off``
Create an authorization object that will control access to
network services.
@@ -5072,7 +5072,7 @@ SRST
# |qemu_system| \\
... \\
- -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=yes \\
+ -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=on \\
...
``-object authz-pam,id=id,service=string``
diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233
index 7ce5764903..da150cd27b 100755
--- a/tests/qemu-iotests/233
+++ b/tests/qemu-iotests/233
@@ -84,7 +84,7 @@ echo
echo "== check plain client to TLS server fails =="
nbd_server_start_tcp_socket \
- --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \
+ --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=on \
--tls-creds tls0 \
-f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log"
@@ -129,7 +129,7 @@ echo "== check TLS with authorization =="
nbd_server_stop
nbd_server_start_tcp_socket \
- --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \
+ --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=on \
--object "authz-simple,id=authz0,identity=CN=localhost,, \
O=Cthulu Dark Lord Enterprises client1,,L=R'lyeh,,C=South Pacific" \
--tls-authz authz0 \
--
2.29.2
next prev parent reply other threads:[~2021-01-29 17:42 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-29 17:10 [PULL 00/13] Misc patches Daniel P. Berrangé
2021-01-29 17:10 ` [PULL 01/13] crypto: Fix some code style problems, add spaces around operator Daniel P. Berrangé
2021-01-29 17:10 ` [PULL 02/13] crypto: Move USER_CREATABLE to secret_common base class Daniel P. Berrangé
2021-01-29 17:10 ` [PULL 03/13] crypto: Forbid broken unloading of secrets Daniel P. Berrangé
2021-01-29 17:10 ` [PULL 04/13] crypto: Fix memory leaks in set_loaded for tls-* Daniel P. Berrangé
2021-01-29 17:10 ` [PULL 05/13] os: deprecate the -enable-fips option and QEMU's FIPS enforcement Daniel P. Berrangé
2021-01-29 17:10 ` Daniel P. Berrangé [this message]
2021-01-29 17:10 ` [PULL 07/13] docs: simplify and clarify the platform support rules Daniel P. Berrangé
2021-01-29 17:10 ` [PULL 08/13] docs: fix missing backslash in certtool shell example Daniel P. Berrangé
2021-01-29 17:10 ` [PULL 09/13] configure: replace --enable/disable-git-update with --with-git-submodules Daniel P. Berrangé
2021-01-29 17:10 ` [PULL 10/13] crypto: Add spaces around operator Daniel P. Berrangé
2021-01-29 17:11 ` [PULL 11/13] ui: update keycodemapdb submodule commit Daniel P. Berrangé
2021-01-29 17:11 ` [PULL 12/13] tests: Fix runtime error in test-authz-pam Daniel P. Berrangé
2021-01-29 17:11 ` [PULL 13/13] tests: Replace deprecated ASN1 code Daniel P. Berrangé
2021-01-29 17:21 ` [PULL 00/13] Misc patches no-reply
2021-01-29 23:04 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210129171102.4109641-7-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=kraxel@redhat.com \
--cc=kwolf@redhat.com \
--cc=libvir-list@redhat.com \
--cc=mreitz@redhat.com \
--cc=pbonzini@redhat.com \
--cc=philmd@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.