From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58749) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VrVFI-0003pk-UU for qemu-devel@nongnu.org; Fri, 13 Dec 2013 11:05:50 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VrVFB-0003HF-J5 for qemu-devel@nongnu.org; Fri, 13 Dec 2013 11:05:44 -0500 Received: from mx1.redhat.com ([209.132.183.28]:33416) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VrVFB-0003Gv-1w for qemu-devel@nongnu.org; Fri, 13 Dec 2013 11:05:37 -0500 Received: from int-mx02.intmail.prod.int.phx2.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id rBDG5a5f019933 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Fri, 13 Dec 2013 11:05:36 -0500 Received: from [10.3.113.138] (ovpn-113-138.phx2.redhat.com [10.3.113.138]) by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id rBDG5Z6J032696 for ; Fri, 13 Dec 2013 11:05:35 -0500 Message-ID: <52AB304F.90602@redhat.com> Date: Fri, 13 Dec 2013 09:05:35 -0700 From: Eric Blake MIME-Version: 1.0 References: <52A0EA4D.1020606@redhat.com> In-Reply-To: <52A0EA4D.1020606@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="RpHd68jVOtwLBUab2pQJWFjK7bBxLbMBD" Subject: Re: [Qemu-devel] detecting -enable-fips List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "qemu-devel@nongnu.org" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --RpHd68jVOtwLBUab2pQJWFjK7bBxLbMBD Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 12/05/2013 02:04 PM, Eric Blake wrote: > Commit 0f66998 added the command line option -enable-fips for qemu 1.2;= > but as of at least qemu 1.6, the 'query-command-line-options' QMP > monitor command does not report it. This is particularly annoying sinc= e > the command line option is conditional - it is present in Linux builds > but absent in BSD builds. Does anyone know of any other QMP method for= > querying if this command line option is supported? Or am I just > relegated to trying it and seeing if the option gets rejected? >=20 > [I'm personally of the opinion that libvirt should use -enable-fips 100= % > of the time; I don't really see what it is buying us to have an option > that can be enabled but not disabled, and where enabling it has no > impact except when running in FIPS mode; especially when the other > libraries in use on the system already honor FIPS mode without any extr= a > command line option. But I'm not going to be the one to argue for a > change in behavior other than the mere detection of the option.] Ping. Any thoughts at all on how to detect boolean command-line options via QMP? --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --RpHd68jVOtwLBUab2pQJWFjK7bBxLbMBD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJSqzBPAAoJEKeha0olJ0NqfloH/RRErI8vO6YbIKxWj/+Bygxx MjAUdERhrqQBAZHCQ7H/DQRPHI5A+oBSygr49dAS5rDpbCIBx7jdMm/JsOU/3t9G VZf6y5HYnr/bt7NoNsqHb1HT1FTUWcNNSQ8D7k4y+KSP0pc4wy0EgcYlg5Ini3Db TCtfGqOiP0AD4OC4ihF/RCvpu/V3RxJDH/Wi/XKsxrEAkNs6MgXIBXluILGsshbm 6LnlLThdESNt99LLh7eSujjbt3AlHqWMOMpsCPhTjIuxkFEH89KKRZdqI4+bGG2Q ME9g2E6i+syQ2vwPV7iEkD9eRXDsmHY+pkcCsM5yxm+m/PQyjI2/6vD+8lkxFnc= =dGwL -----END PGP SIGNATURE----- --RpHd68jVOtwLBUab2pQJWFjK7bBxLbMBD--