[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v7 01/24] build: Link user-only with crypto-rng-
From: |
Daniel P . Berrangé |
Subject: |
Re: [Qemu-devel] [PATCH v7 01/24] build: Link user-only with crypto-rng-obj-y |
Date: |
Wed, 15 May 2019 17:53:28 +0100 |
User-agent: |
Mutt/1.11.4 (2019-03-13) |
On Tue, May 14, 2019 at 12:16:30PM -0700, Richard Henderson wrote:
> For user-only, we require only the random number bits of the
> crypto subsystem.
>
> We need to preserve --static linking, which for many recent Linux
> distributions precludes using GnuTLS or GCrypt. Instead, use our
> random-platform module unconditionally.
I don't think we need to special case in this way.
Today if you do a default build with all targets & tools and want
to use --static, but don't have static libs available for some
things you can achieve that
./configure --static --disable-gnutls --disable-gcrypt --disable-nettle
Previously if you took care to disable system emulators & tools
you could avoid the need to pass the --disable-* args, but I
think that's fairly minor.
So I think we should just use $(crypto-obj-y) unconditionally in
the user emulators, and get rid of crypto-aes-obj-y too.
This will give a consistent crypto story across all the things we
build with no special cases.
If people want a minimal static build they can stsill pass the
above --disable-XXX args which will result in them only using
the aes.o and rng-platform.o pieces.
>
> Signed-off-by: Richard Henderson <address@hidden>
> ---
> Makefile | 6 ++++--
> Makefile.objs | 1 +
> Makefile.target | 3 ++-
> crypto/Makefile.objs | 1 +
> 4 files changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/Makefile b/Makefile
> index 66d5c65156..524f2f8a57 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -411,6 +411,7 @@ dummy := $(call unnest-vars,, \
> block-obj-m \
> crypto-obj-y \
> crypto-aes-obj-y \
> + crypto-rng-obj-y \
> qom-obj-y \
> io-obj-y \
> common-obj-y \
> @@ -482,8 +483,9 @@ subdir-capstone: .git-submodule-status
> subdir-slirp: .git-submodule-status
> $(call quiet-command,$(MAKE) -C $(SRC_PATH)/slirp
> BUILD_DIR="$(BUILD_DIR)/slirp" CC="$(CC)" AR="$(AR)" LD="$(LD)"
> RANLIB="$(RANLIB)" CFLAGS="$(QEMU_CFLAGS) $(CFLAGS)" LDFLAGS="$(LDFLAGS)")
>
> -$(SUBDIR_RULES): libqemuutil.a $(common-obj-y) $(chardev-obj-y) \
> - $(qom-obj-y) $(crypto-aes-obj-$(CONFIG_USER_ONLY))
> +$(SUBDIR_RULES): libqemuutil.a $(common-obj-y) $(chardev-obj-y) $(qom-obj-y)
> \
> + $(crypto-aes-obj-$(CONFIG_USER_ONLY)) \
> + $(crypto-rng-obj-$(CONFIG_USER_ONLY))
>
> ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))
> # Only keep -O and -g cflags
> diff --git a/Makefile.objs b/Makefile.objs
> index cf065de5ed..0c13ff47ea 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -26,6 +26,7 @@ block-obj-m = block/
>
> crypto-obj-y = crypto/
> crypto-aes-obj-y = crypto/
> +crypto-rng-obj-y = crypto/
>
> #######################################################################
> # qom-obj-y is code used by both qemu system emulation and qemu-img
> diff --git a/Makefile.target b/Makefile.target
> index ae02495951..4e579a0a84 100644
> --- a/Makefile.target
> +++ b/Makefile.target
> @@ -181,6 +181,7 @@ dummy := $(call unnest-vars,.., \
> chardev-obj-y \
> crypto-obj-y \
> crypto-aes-obj-y \
> + crypto-rng-obj-y \
> qom-obj-y \
> io-obj-y \
> common-obj-y \
> @@ -189,7 +190,7 @@ all-obj-y += $(common-obj-y)
> all-obj-y += $(qom-obj-y)
> all-obj-$(CONFIG_SOFTMMU) += $(authz-obj-y)
> all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y) $(chardev-obj-y)
> -all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y)
> +all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y) $(crypto-rng-obj-y)
> all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y)
> all-obj-$(CONFIG_SOFTMMU) += $(io-obj-y)
>
> diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
> index 256c9aca1f..ee7e628ca6 100644
> --- a/crypto/Makefile.objs
> +++ b/crypto/Makefile.objs
> @@ -37,5 +37,6 @@ crypto-obj-y += block-luks.o
>
> # Let the userspace emulators avoid linking gnutls/etc
> crypto-aes-obj-y = aes.o
> +crypto-rng-obj-y = random-platform.o
>
> stub-obj-y += pbkdf-stub.o
> --
> 2.17.1
>
>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
[Qemu-devel] [PATCH v7 02/24] crypto: Reverse code blocks in random-platform.c, Richard Henderson, 2019/05/14
[Qemu-devel] [PATCH v7 03/24] crypto: Do not fail for EINTR during qcrypto_random_bytes, Richard Henderson, 2019/05/14
[Qemu-devel] [PATCH v7 04/24] crypto: Use O_CLOEXEC in qcrypto_random_init, Richard Henderson, 2019/05/14
[Qemu-devel] [PATCH v7 05/24] crypto: Use getrandom for qcrypto_random_bytes, Richard Henderson, 2019/05/14