Daniel P. Berrangé <berrange@xxxxxxxxxx> writes:
> This has been replaced by the 'password-secret' option,
> which references a 'secret' object instance.
>
> Reviewed-by: Markus Armbruster <armbru@xxxxxxxxxx>
> Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
Reviewed-by: Fabiano Rosas <farosas@xxxxxxx>
Just a small detail below.
> ---
> docs/about/deprecated.rst | 8 --------
> docs/about/removed-features.rst | 7 +++++++
> qemu-options.hx | 9 +--------
> ui/spice-core.c | 15 ---------------
> 4 files changed, 8 insertions(+), 31 deletions(-)
>
> diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
> index daf2334040..8fbe7cb5fe 100644
> --- a/docs/about/deprecated.rst
> +++ b/docs/about/deprecated.rst
> @@ -73,14 +73,6 @@ Input parameters that take a size value should only use a size suffix
> the value is hexadecimal. That is, '0x20M' is deprecated, and should
> be written either as '32M' or as '0x2000000'.
>
> -``-spice password=string`` (since 6.0)
> -''''''''''''''''''''''''''''''''''''''
> -
> -This option is insecure because the SPICE password remains visible in
> -the process listing. This is replaced by the new ``password-secret``
> -option which lets the password be securely provided on the command
> -line using a ``secret`` object instance.
> -
> ``-smp`` ("parameter=0" SMP configurations) (since 6.2)
> '''''''''''''''''''''''''''''''''''''''''''''''''''''''
>
> diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
> index 63df9848fd..2cbb1b7afe 100644
> --- a/docs/about/removed-features.rst
> +++ b/docs/about/removed-features.rst
> @@ -408,6 +408,13 @@ pcspk-audiodev=<name>``.
>
> Use ``-device`` instead.
>
> +``-spice password=string`` (removed in 8.0)
> +'''''''''''''''''''''''''''''''''''''''''''
> +
> +This optionwas insecure because the SPICE password remained visible in
Missing a space here.
> +the process listing. This was replaced by the new ``password-secret``
> +option which lets the password be securely provided on the command
> +line using a ``secret`` object instance.
>
> QEMU Machine Protocol (QMP) commands
> ------------------------------------
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 58efb58072..847d71e567 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -2132,7 +2132,7 @@ DEF("spice", HAS_ARG, QEMU_OPTION_spice,
> " [,tls-channel=[main|display|cursor|inputs|record|playback]]\n"
> " [,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n"
> " [,sasl=on|off][,disable-ticketing=on|off]\n"
> - " [,password=<string>][,password-secret=<secret-id>]\n"
> + " [,password-secret=<secret-id>]\n"
> " [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n"
> " [,jpeg-wan-compression=[auto|never|always]]\n"
> " [,zlib-glz-wan-compression=[auto|never|always]]\n"
> @@ -2158,13 +2158,6 @@ SRST
> ``ipv4=on|off``; \ ``ipv6=on|off``; \ ``unix=on|off``
> Force using the specified IP version.
>
> - ``password=<string>``
> - Set the password you need to authenticate.
> -
> - This option is deprecated and insecure because it leaves the
> - password visible in the process listing. Use ``password-secret``
> - instead.
> -
> ``password-secret=<secret-id>``
> Set the ID of the ``secret`` object containing the password
> you need to authenticate.
> diff --git a/ui/spice-core.c b/ui/spice-core.c
> index 72f8f1681c..76f7c2bc3d 100644
> --- a/ui/spice-core.c
> +++ b/ui/spice-core.c
> @@ -412,9 +412,6 @@ static QemuOptsList qemu_spice_opts = {
> .name = "unix",
> .type = QEMU_OPT_BOOL,
> #endif
> - },{
> - .name = "password",
> - .type = QEMU_OPT_STRING,
> },{
> .name = "password-secret",
> .type = QEMU_OPT_STRING,
> @@ -666,20 +663,8 @@ static void qemu_spice_init(void)
> }
> passwordSecret = qemu_opt_get(opts, "password-secret");
> if (passwordSecret) {
> - if (qemu_opt_get(opts, "password")) {
> - error_report("'password' option is mutually exclusive with "
> - "'password-secret'");
> - exit(1);
> - }
> password = qcrypto_secret_lookup_as_utf8(passwordSecret,
> &error_fatal);
> - } else {
> - str = qemu_opt_get(opts, "password");
> - if (str) {
> - warn_report("'password' option is deprecated and insecure, "
> - "use 'password-secret' instead");
> - password = g_strdup(str);
> - }
> }
>
> if (tls_port) {
