mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-21 20:15:17 +00:00
qemu_capabilities: Retire QEMU_CAPS_ENABLE_FIPS
The capability is no longer used. Retire it. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
parent
8cf81de8bf
commit
295eb1b3d8
@ -290,7 +290,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
|
|||||||
"pvpanic", /* QEMU_CAPS_DEVICE_PANIC */
|
"pvpanic", /* QEMU_CAPS_DEVICE_PANIC */
|
||||||
|
|
||||||
/* 160 */
|
/* 160 */
|
||||||
"enable-fips", /* QEMU_CAPS_ENABLE_FIPS */
|
"enable-fips", /* X_QEMU_CAPS_ENABLE_FIPS */
|
||||||
"spice-file-xfer-disable", /* X_QEMU_CAPS_SPICE_FILE_XFER_DISABLE */
|
"spice-file-xfer-disable", /* X_QEMU_CAPS_SPICE_FILE_XFER_DISABLE */
|
||||||
"spiceport", /* X_QEMU_CAPS_CHARDEV_SPICEPORT */
|
"spiceport", /* X_QEMU_CAPS_CHARDEV_SPICEPORT */
|
||||||
"usb-kbd", /* QEMU_CAPS_DEVICE_USB_KBD */
|
"usb-kbd", /* QEMU_CAPS_DEVICE_USB_KBD */
|
||||||
|
@ -268,7 +268,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
|
|||||||
QEMU_CAPS_DEVICE_PANIC, /* -device pvpanic */
|
QEMU_CAPS_DEVICE_PANIC, /* -device pvpanic */
|
||||||
|
|
||||||
/* 160 */
|
/* 160 */
|
||||||
QEMU_CAPS_ENABLE_FIPS, /* -enable-fips */
|
X_QEMU_CAPS_ENABLE_FIPS, /* -enable-fips */
|
||||||
X_QEMU_CAPS_SPICE_FILE_XFER_DISABLE, /* -spice disable-agent-file-xfer */
|
X_QEMU_CAPS_SPICE_FILE_XFER_DISABLE, /* -spice disable-agent-file-xfer */
|
||||||
X_QEMU_CAPS_CHARDEV_SPICEPORT, /* -chardev spiceport */
|
X_QEMU_CAPS_CHARDEV_SPICEPORT, /* -chardev spiceport */
|
||||||
QEMU_CAPS_DEVICE_USB_KBD, /* -device usb-kbd */
|
QEMU_CAPS_DEVICE_USB_KBD, /* -device usb-kbd */
|
||||||
|
@ -10512,21 +10512,6 @@ qemuBuildCommandLine(virDomainObj *vm,
|
|||||||
if (qemuBuildPflashBlockdevCommandLine(cmd, vm) < 0)
|
if (qemuBuildPflashBlockdevCommandLine(cmd, vm) < 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
/* QEMU 1.2 and later have a binary flag -enable-fips that must be
|
|
||||||
* used for VNC auth to obey FIPS settings; but the flag only
|
|
||||||
* exists on Linux, and with no way to probe for it via QMP. Our
|
|
||||||
* solution: if FIPS mode is required, then unconditionally use the flag.
|
|
||||||
*
|
|
||||||
* In QEMU 5.2.0, use of -enable-fips was deprecated. In scenarios
|
|
||||||
* where FIPS is required, QEMU must be built against libgcrypt
|
|
||||||
* which automatically enforces FIPS compliance.
|
|
||||||
*
|
|
||||||
* Note this is the only use of driver->hostFips.
|
|
||||||
*/
|
|
||||||
if (driver->hostFips &&
|
|
||||||
virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_ENABLE_FIPS))
|
|
||||||
virCommandAddArg(cmd, "-enable-fips");
|
|
||||||
|
|
||||||
if (qemuBuildMachineCommandLine(cmd, cfg, def, qemuCaps, priv) < 0)
|
if (qemuBuildMachineCommandLine(cmd, cfg, def, qemuCaps, priv) < 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user