On a Wednesday in 2021, Peter Krempa wrote:
We are at the point where we can remove all the code to pass secrets (RBD/iSCSI authentication passwords) on the commandline in plaintext as all supported versions of qemu now support -object secret and the corresponding methods to pass the secrets securely. Peter Krempa (12): util: Remove use of virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) qemu: Always assume presence of QEMU_CAPS_OBJECT_SECRET qemu: capabilities: Retire QEMU_CAPS_OBJECT_SECRET qemu: domain: Remove qemuDomainSupportsEncryptedSecret qemu: domain: Always assume QEMU_CAPS_ISCSI_PASSWORD_SECRET qemu: capabilities: Retire QEMU_CAPS_ISCSI_PASSWORD_SECRET qemu: Remove VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN and associated code qemu: command: Remove qemuBuildGeneralSecinfoURI qemuBuildSCSIiSCSIHostdevDrvStr: Don't call qemuDiskSourceNeedsProps qemu: Simplify qemuDomainSecretInfo qemu: domain: Rename secrets setup function qemu: command: Remove qemuBuildRBDSecinfoURI src/libvirt_private.syms | 1 - src/qemu/qemu_backup.c | 2 +- src/qemu/qemu_block.c | 40 ++- src/qemu/qemu_capabilities.c | 6 +- src/qemu/qemu_capabilities.h | 4 +- src/qemu/qemu_command.c | 184 +++--------- src/qemu/qemu_domain.c | 274 ++++--------------
[...]
tests/qemuxml2argvdata/watchdog.args | 1 + tests/qemuxml2argvdata/x86-kvm-32-on-64.args | 1 + tests/qemuxml2argvtest.c | 23 +- tests/vircryptotest.c | 5 - 611 files changed, 710 insertions(+), 591 deletions(-)
Reviewed-by: Ján Tomko <jtomko@xxxxxxxxxx> Jano
Attachment:
signature.asc
Description: PGP signature
