On Wed, Oct 21, 2020 at 10:35:27AM +0200, Peter Krempa wrote: > From: Daniel P. Berrangé <berrange@xxxxxxxxxx> > > Use of the -enable-fips option is being deprecated in QEMU >= 5.2.0. If > FIPS compliance is required, QEMU must be built with libcrypt which will > unconditionally enforce it. > > Thus there is no need for libvirt to pass -enable-fips to modern QEMU. > Unfortunately there was never any way to probe for -enable-fips in the > first instance, it was enabled by libvirt based on version number > originally, and then later unconditionally enabled when libvirt dropped > support for older QEMU. Similarly we now use a version number check to > decide when to stop passing -enable-fips. > > Note that the qemu-5.2 capabilities are currently from the pre-release > version and will be updated once qemu-5.2 is released. > > Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> > Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> > --- > src/qemu/qemu_capabilities.c | 7 +++++++ > src/qemu/qemu_command.c | 12 +++++++++++- > src/qemu/qemu_command.h | 2 +- > src/qemu/qemu_driver.c | 2 +- > src/qemu/qemu_process.c | 2 +- > tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml | 1 + > tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 1 + > tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 1 + > tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml | 1 + > tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml | 1 + > tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml | 1 + > tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml | 1 + > tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 1 + > tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml | 1 + > tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml | 1 + > tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml | 1 + > tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 1 + > tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml | 1 + > tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 1 + > tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml | 1 + > tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml | 1 + > tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml | 1 + > tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml | 1 + > tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 1 + > tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml | 1 + > tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml | 1 + > tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 1 + > tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml | 1 + > tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml | 1 + > tests/qemucapabilitiesdata/caps_5.2.0.x86_64.xml | 1 + > tests/qemuxml2argvtest.c | 5 +++++ > 56 files changed, 76 insertions(+), 4 deletions(-) Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
