On 6/7/24 16:26, Daniel P. Berrangé wrote: > This was driven by the complaint that libvirt pulls in gnutls-utils > > https://src.fedoraproject.org/rpms/virt-viewer/pull-request/4 > > but also it lets us remove more usage of Shell code from libvirt, > as well as improving the consistency of certificate checks vs the > runtime checks we do. > > Daniel P. Berrangé (9): > rpc: split out helpers for TLS cert path location > rpc: refactor method for checking session certificates > rpc: split TLS cert validation into separate file > docs: fix author credit for virt-pki-validate tool > tools: split off common helpers for host validate tool > tools: drop unused --version argument > tools: stop checking init scripts & iptables config > tools: reimplement virt-pki-validate in C > tools: support validating user/custom PKI certs > > docs/manpages/virt-pki-validate.rst | 9 +- > libvirt.spec.in | 2 - > po/POTFILES | 3 + > src/rpc/meson.build | 7 +- > src/rpc/virnettlscert.c | 553 ++++++++++++++++++++++++++ > src/rpc/virnettlscert.h | 42 ++ > src/rpc/virnettlsconfig.c | 202 ++++++++++ > src/rpc/virnettlsconfig.h | 68 ++++ > src/rpc/virnettlscontext.c | 586 +--------------------------- > tools/meson.build | 31 +- > tools/virt-host-validate-ch.c | 12 +- > tools/virt-host-validate-common.c | 308 ++++++--------- > tools/virt-host-validate-common.h | 48 +-- > tools/virt-host-validate-lxc.c | 18 +- > tools/virt-host-validate-qemu.c | 30 +- > tools/virt-host-validate.c | 2 +- > tools/virt-login-shell-helper.c | 2 +- > tools/virt-pki-query-dn.c | 2 +- > tools/virt-pki-validate.c | 424 ++++++++++++++++++++ > tools/virt-pki-validate.in | 323 --------------- > tools/virt-validate-common.c | 110 ++++++ > tools/virt-validate-common.h | 57 +++ > 22 files changed, 1670 insertions(+), 1169 deletions(-) > create mode 100644 src/rpc/virnettlscert.c > create mode 100644 src/rpc/virnettlscert.h > create mode 100644 src/rpc/virnettlsconfig.c > create mode 100644 src/rpc/virnettlsconfig.h > create mode 100644 tools/virt-pki-validate.c > delete mode 100644 tools/virt-pki-validate.in > create mode 100644 tools/virt-validate-common.c > create mode 100644 tools/virt-validate-common.h > Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx> Michal
