On Mon, Jun 06, 2016 at 16:09:03 +0100, Daniel Berrange wrote:
> In Fedora >= 21, there is a new crypto priority framework
> that sets TLS policies globally for all apps. To activate
> this with GNUTLS we must request "@SYSTEM" instead of
> the traditional "NORMAL" string. The '@' causes gnutls todo
> a lookup in its config file for the 'SYSTEM' keyword entry.
>
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
> libvirt.spec.in | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/libvirt.spec.in b/libvirt.spec.in
> index 8b88eef..2d138b0 100644
> --- a/libvirt.spec.in
> +++ b/libvirt.spec.in
> @@ -208,6 +208,12 @@
> %define enable_werror --disable-werror
> %endif
>
> +%if 0%{?fedora} >= 21
> + %define tls_priority "@SYSTEM"
> +%else
> + %define tls_priority "NORMAL"
> +%endif
> +
>
> Summary: Library providing a simple virtualization API
> Name: libvirt
> @@ -1164,6 +1170,7 @@ rm -f po/stamp-po
> %{arg_packager_version} \
> --with-qemu-user=%{qemu_user} \
> --with-qemu-group=%{qemu_group} \
> + --with-tls-priority=%{tls_priority} \
This looks misalidned in git show output.
> %{?arg_loader_nvram} \
> %{?enable_werror} \
> --enable-expensive-tests \
ACK
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list