From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53918) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Vog5u-0007hi-Ib for qemu-devel@nongnu.org; Thu, 05 Dec 2013 16:04:27 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Vog5p-0001rF-N7 for qemu-devel@nongnu.org; Thu, 05 Dec 2013 16:04:22 -0500 Received: from mx1.redhat.com ([209.132.183.28]:42876) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Vog5p-0001qx-FU for qemu-devel@nongnu.org; Thu, 05 Dec 2013 16:04:17 -0500 Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id rB5L4FNG008853 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Thu, 5 Dec 2013 16:04:15 -0500 Received: from [10.3.113.22] (ovpn-113-22.phx2.redhat.com [10.3.113.22]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id rB5L4E3i030093 for ; Thu, 5 Dec 2013 16:04:15 -0500 Message-ID: <52A0EA4D.1020606@redhat.com> Date: Thu, 05 Dec 2013 14:04:13 -0700 From: Eric Blake MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="P0UVFjGlmMGqB289jFvrAVkprXguPsTu8" Subject: [Qemu-devel] detecting -enable-fips List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "qemu-devel@nongnu.org" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --P0UVFjGlmMGqB289jFvrAVkprXguPsTu8 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Commit 0f66998 added the command line option -enable-fips for qemu 1.2; but as of at least qemu 1.6, the 'query-command-line-options' QMP monitor command does not report it. This is particularly annoying since the command line option is conditional - it is present in Linux builds but absent in BSD builds. Does anyone know of any other QMP method for querying if this command line option is supported? Or am I just relegated to trying it and seeing if the option gets rejected? [I'm personally of the opinion that libvirt should use -enable-fips 100% of the time; I don't really see what it is buying us to have an option that can be enabled but not disabled, and where enabling it has no impact except when running in FIPS mode; especially when the other libraries in use on the system already honor FIPS mode without any extra command line option. But I'm not going to be the one to argue for a change in behavior other than the mere detection of the option.] --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --P0UVFjGlmMGqB289jFvrAVkprXguPsTu8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJSoOpOAAoJEKeha0olJ0Nq5c8H/0hnxD+Swmh+C+e9Qqiw1Krs 5lRsqDWBf4TDmPnUkDL7PPM8RG8vxYrcTljsRRujVZKICdOMuXy57Nd47Q1ZPbGn N5JDzWctKNHKV5qQBzJYfAColFYCou9JNd8e68XjUn6TdhD8pbA7cKAumxbkLBJ4 ijiwAT2sx+3vaBrd+kTe+G3iaf5PTQffaMZvIXQdGTiTLCDq3D2c3JRwfNTGYDsl FZ2RgCxsxRHteGgd4w2+z//aRPAawsF30/zFNqd3p1SFzF16JwUHzzcYLVTPIOiw otkX9ataGyBAc0Mf9EK487ARxBV8+ehCiju8/oayg4Hbr2CrsbBWL2LpfdpCbJg= =tJIi -----END PGP SIGNATURE----- --P0UVFjGlmMGqB289jFvrAVkprXguPsTu8--